{"id":11179,"date":"2021-05-20T08:10:20","date_gmt":"2021-05-20T15:10:20","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=11179"},"modified":"2021-05-19T18:02:27","modified_gmt":"2021-05-20T01:02:27","slug":"why-data-encryption-is-essential-2","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/why-data-encryption-is-essential-2\/","title":{"rendered":"Why Data Encryption Is Essential"},"content":{"rendered":"

This article aims to bring awareness around the importance of data encryption, considering the astounding rate at which data is being produced, transmitted and consumed. We will discuss the need for data protection, regulation, and some encryption best practices.<\/span><\/i><\/h4>\n

Organizations of all sizes across the globe <\/span>are dealing with a staggering volume of data, ranging from personally identifiable information (PII) to protected health information (PHI), financial records, and other sensitive information that can quickly get out of control if not governed properly.<\/span><\/p>\n

Data privacy protection is becoming a priority for individuals, organizations and governments alike. As governments work to get protection of data privacy rights under control, organizations are reconsidering how they collect, store and process personal information. Data encryption is one thing that can help organizations mitigate risks and stop data sprawl and cyberattacks before they occur.<\/span><\/p>\n

What is data encryption?<\/b><\/span><\/h5>\n

Data encryption<\/b> is a process in which plaintext information is scrambled into incomprehensible text known as cipher-text, using cryptographic modules known as secret keys that only authorized parties can understand. On the other hand, decryption is the process of converting cipher-text back to plaintext data using the same secret key.\u00a0\u00a0<\/span><\/p>\n

There are two main kinds of data encryption standard: symmetric and asymmetric.<\/span><\/p>\n

\"Arrows<\/p>\n

In symmetric encryption, developers use only one secret key for both encryption and decryption.<\/span><\/em><\/p>\n

\"Two<\/p>\n

In asymmetric encryption, developers use two keys: a public key and a private key. There\u2019s a public encryption key for anyone to use and a private decryption key that must be kept secret. Developers generally prefer asymmetric encryption over the wire — also known as \u201cdata encryption in transit\u201d — using protocols like SSL and TLS.<\/span><\/em><\/p>\n

Why data encryption is essential<\/b><\/span><\/h5>\n

Let\u2019s take a look at some data breaches that occurred during <\/span>2020.<\/b><\/p>\n

January 22: <\/b>A customer support database holding over 280 million Microsoft customer records was left unprotected on the web. <\/span>Microsoft\u2019s exposed database<\/span><\/a> disclosed email addresses, IP addresses, and support case details. Microsoft says the database did not include any other personal information.<\/span><\/p>\n

February 11: <\/b>Fifth Third Bank<\/span><\/a>, a financial institution with 1,150 branches in 10 US states, claims a former employee was responsible for a data breach that exposed customer names, Social Security numbers, driver\u2019s license information, mother\u2019s maiden names, addresses, phone numbers, date of birth, and account numbers. The total number of affected employees and banking clients remains undisclosed.<\/span><\/p>\n

April 6:<\/b> A digital wallet app,<\/span> Key Ring<\/span><\/a>, stored customer data of 14 million users in an unsecured database. The app allows users to easily upload and store scans and photos of membership and loyalty cards to a digital folder in their mobile device. The exposed data included names, full credit card details (including CVV numbers), email address, birth date, address, membership ID numbers, retail club and loyalty card memberships, government IDs, gift cards, medical insurance cards, medical marijuana IDs, IP address and encrypted passwords.<\/span><\/p>\n

June 23: <\/b>A <\/span>security lapse at Twitter<\/span><\/a> exposed an undisclosed number of business users’ account information, including email addresses, phone numbers, and the last four digits of their credit card numbers.<\/span><\/p>\n

This is not a comprehensive list, but it gives us an idea of the scale at which data breaches can occur, irrespective of the size, location, and type of organization.<\/span><\/p>\n

According to <\/span>IBM Cost of Data Breach Report 2020<\/span><\/a>, the average cost of data breach in the United States alone is $8.64M. Most of these attacks expose customer PII, costing businesses an average of $150 per stolen record. Add to this indirect costs such as\u00a0<\/span>bad publicity and loss of consumer confidence. Data breaches can impact sales for years to come.<\/span><\/p>\n

Overwhelming? <\/span>This is where data encryption can make a difference.<\/span><\/p>\n

A strong encryption:<\/strong><\/span><\/h5>\n