The technology behind encryption is very specific and algorithmic. To better understand encryption, it helps to categorize its two main use cases.
Communication is probably the area where encryption is most widely used. And most of us use it every day without even thinking about it.
Purchase something online for your birthday? It’s a safe bet that the communication between your browser and the retailer’s website transitioned to an encrypted link, in this case HTTPS, before any sensitive data was transmitted.
Maybe you were on your wireless network at home while making the purchase? The link between your computer and the wireless access point is also probably using encryption, and if not, it should be.
In general, encryption used in communication simply scrambles the data being transmitted in such a way that only the intended recipient can unscramble the data. Of course the details are much more involved, but the concept is that simple. Different methods for scrambling the data and communicating the way to unscramble the data are available, with some being more secure than others. That’s why there was a transition over time in WLAN security from WEP (wired equivalent privacy) to WPA to WPA2 (Wi-Fi protected access). Communication channels are well suited to the application of encryption technology because these channels typically have some level of latency anyway (delay sending data from point A to point B) so adding a bit more because of the overhead of encrypting and decrypting the data is not a problem. Also, communication channels are typically the most vulnerable areas in computing, especially anything transmitted over wireless, and so encryption is necessary for adequate protection.
The other major use of encryption is in data storage. Stored data is typically not as vulnerable as transmitted data, as a perpetrator must somehow breach the asset where the data is stored, either physically, through built-in software protection like a firewall, or both. However, the density of stored data is much higher than that of transmitted data, so it can be a goldmine if access is gained.
Encryption of stored data should be a common practice, just as in sensitive communication paths, but it isn’t. Communication protocols effectively govern the amount of data sent, so encryption is quite manageable. But data stores, like file structures, databases, etc., can be extremely large, making the use of encryption more challenging, especially when that data is being accessed on a routine basis, and the users accessing the data are expecting near instantaneous responses when they access a database or open a document.
Based on the perceived safety of stored data, and the delayed response time that encryption would add to every transaction, encryption for stored data is still not widely used today. There are exceptions, however. Data that is being archived, or are not routinely accessed, can be effectively encrypted with little penalty and a significant increase in the overall security of the data. Also, data on mobile devices, like smart phones, iPads, and even laptops and external storage devices is very vulnerable due to theft and loss, so use of at least selective encryption for sensitive data files should be considered.
Encryption plays an important role in mitigating security related risk. However, encryption has limitations — particularly if it is not being used correctly. Learning more about encryption can help ensure that you’re using it properly and getting protection against as many kinds of attacks as possible.