Human history is full of examples of encryption playing pivotal roles in war, competition and transitions of power. Throughout recorded time, people have employed encryption as a tactical tool to keep information private. That data could involve military campaigns, plots to overthrow political leaders or political dealings. In some cases, the use of encryption actually resulted in a false sense of security, because the encryption method itself was not secure enough.
With the advent of encryption, history set itself on a new course. The confidentiality, integrity and availability of information (or lack thereof) changed the outcome of events. In hindsight, the basic tools of data protection influenced people long before the invention of modern computing.
In today’s world, unlike the bulk of human history, information crosses the planet in real-time. When we make decisions based on that information, it is key that information is not only available when we need it, but is reliable and, often, confidential.
Encryption offers three pillars of value: confidentiality, reliability and control. These map nicely to the information security triad of confidentiality, integrity and availability.
We all know that encrypting data makes the data confidential and hides it from the prying eyes of thieves, eavesdroppers and other threat actors. For a historical example, look at the highly classified plans of the Enola Gay bomber to drop the first atomic bomb. These plans were only communicated by way of encrypted channels. If they had been discovered by the Japanese military or their allies, the outcome of World War II could have been much different.
Integrity and Reliability Through Encryption
The other pillars provide just as much value and have just as much importance in history. Data encryption is a proactive step in adding reliability (or integrity) to the data. Reliability is an inherent characteristic of the algorithms used to encrypt data. If one bit is changed, the entire ciphertext may not be able to be decrypted, much less verified.
Specific algorithms called hash algorithms (and by extension, digital signatures) provide the mathematical anchors of reliability and integrity. They are important even though they do not specifically encrypt the data itself. The reliability pillar provides data protection against accidental (or intentional) changes.
Business, economic and military decisions are based on the availability of reliable data. If data is not reliable, then those decisions may do more damage than good. Critical data, such as the location of an aircraft approaching an airport, the temperature of a nuclear reactor or the earnings of a public company, influences how professionals respond. If that information is not reliable, bad things can happen.
Taking another chapter from the history of encryption, Mary Queen of Scots suffered the wrath of Queen Elizabeth I because of a weak cipher. Mary and Anthony Babington, her co-conspirator, used a cipher in in their plot to take over the English throne. This weak cipher not only could be broken, but it could also be forged.
Queen Elizabeth’s spymaster, Sir Francis Walsingham, oversaw the forgery of an encrypted message that resulted in the unintentional disclosure of the names of Babington’s accomplices to Walsingham along with the plot to overthrow Queen Elizabeth. The lack of reliability in the cipher used by the conspirators resulted in their executions.
The History of Data Control
Often data professionals acknowledge the third value pillar of encryption, data control, least. Whether that data consists of financial information on your organization’s performance, a photo of you from college, a letter between you and a previous business or a personal relationship, you generally want to keep this information confidential.
How does enterprise manage the risk to confidential data that could potentially live forever on the internet? We may not be able to control the bits of data or where they are located on the internet, but we can control the value of those bits. Data encryption requires robust encryption key management. As long as the data owners control the keys, they also control the data, regardless of where the data is located.
Whether we discard a key to a treasure chest by throwing it overboard or we encrypt data and destroy the encryption key, the effect is the same. The data (the treasure) is no longer recoverable, regardless of where it is located. This is a powerful concept that shows the control value of proper encryption key management. This is exemplified by the legendary Blitz Ciphers and the D-Day pigeon cipher from World War II. No one has yet encrypted those encoded messages. The authors of these messages, although long gone, are still in control of the information kept by their ciphers.
What would happen if all data were encrypted? Remember the three pillars of value for encryption and that confidentiality is only one of those pillars. Enterprise would find data to be more reliable and controllable if it was thoroughly encrypted. We would avoid inadvertent disclosure of data, and we would be able to make better and more reliable decisions. So, take a page from history, and know there is power in employing data encryption.
The post How Employing Encryption for Data Security Changed History appeared first on Security Intelligence.
This post appeared first on Security Intelligence
Author: Rick M Robinson