As attackers continue to evolve their tactics, protecting exposed data with encryption remains a critical security practice. However, the type of encryption tool an organization needs depends upon its sophistication and use cases.
While banks and government agencies might be worried about quantum-computing-proof encryption, many small and home offices (SOHO) have yet to shop for their first encryption tool. Fortunately, a huge variety of encryption vendors provide options to satisfy a broad range of needs.
Need a refresher on encryption before reading the article? Read Encryption: How It Works, Types, and the Quantum Future first.
Table of Contents
Best Encryption Software & Tools by Category
- Top Free File Encryption Software for SOHO and Individuals
- Top Local Storage SMB File Encryption Software
- Top Email Encryption Software
- Top Application Layer Encryption Software
- Top End-to-End Encryption Solutions
- Quantum Encryption Solutions
Top Free and Low Cost File Encryption Software
Small security teams or small office and home office (SOHO) users have limited needs and often need to use free tools that offer limited but adequate capabilities for simple needs. For full disk encryption, organizations can use software built into the operating system (Microsoft BitLocker, Apple File Vault, etc.), but these solutions only cover local drives and cannot be used for file sharing or separate encryption passwords for critically important data. The third-party tools in this section provide additional capabilities worth exploring, but as free tools often provide limited support.
7-Zip – Popular Free Tool for File Sharing
7-Zip is a prominent free, open-source encryption tool for local file encryption and compressed storage. Much of its code is under the GNU LGPL license, with other parts under the BSD 3-clause and the unRAR licenses.
- High compression ratio for the 7z format
- Multiple compression formats supported, such as TAR, ZIP, etc.
- Self-extracting compression files can be created
- AES-256 encryption for 7z and ZIP files
- Command line version available
- Localization in 87 languages, with early support for Asian characters, this tool is very popular in Japan, China, etc.
- Works for Windows, Linux, and macOS
- 7z format widely supported by other tools
- Easy to use for secure file sharing through email and file sharing sites
- Open source tools only have community support
- Primarily a compression tool with encryption capabilities
- not optimized for easy compression of single files
- not meant to be used for files actively in use
7-Zip is a free tool and can be downloaded and used on any computer.
GnuPG – Best Free Linux Tool
The Gnu Privacy Guard (GnuPG or GPG) open source tool provides convenient and effective implementation of the Open Pretty Good Privacy (OpenPGP) encryption standard developed for email. GnuPG turned 25 in 2022, continues to be updated, and is often built into other commercially available tools.
- No Patent Infringement – uses publicly available algorithms.
- SSH-agent implementation to keep track of users’ identity keys and passphrases
- Hybrid-encryption tool combining symmetric-key and public-key cryptography
- Uses AES symmetrical encryption algorithm by default
- Elliptic curve cryptography support in releases 2.0 and later
- Compression Options: zip, zlib, bzip2
- Often included with many Linux distributions
- Inexpensive and widely used tool based on a well-established standard
- Compatible with macOS and also available for Windows
- Simple graphical user interface (GUI) over a command line tool
- As an open-source tool, no formal customer support
- Requires some IT and encryption expertise for best use of all features
- Some commands execute on the command line interface, not the GUI
GnuPG is an open source, free tool.
VeraCrypt – Best Hidden Encryption Tool
VeraCrypt is a free, open-source disk encryption software that can be used on Windows, macOS, and Linux systems. VeraCrypt forks off of the popular TrueCrypt project and adds features that enable obfuscation and secrecy.
Three key features (unique setup, nested encryption, and hidden volume) can be combined to create hidden repositories. The master repository can be obfuscated to appear to be another large file type (movies, photos, etc.), and can be opened using two distinct passwords in case the user is forced to reveal the password. One password opens the vault and allows access to all files, but the alternative password hides some files and folders.
- Unique setup creates an encrypted container that can be named to appear to be any type of file (Ex: HomeMovie.mov) for further obfuscation
- Nested encryption creates virtual containers within virtual containers, each with their own passwords
- Hidden volume feature can create normally-undetectable repositories within the VeraCrypt container that use different passwords for extra security
- Virtual encrypted disk mounts as a disk drive once opened
- Encryption options for full or partition encryption for USB flash, external, and internal hard drives
- Pre-boot authentication full drive encryption option
- Transparent, on-the-fly encryption automatically encrypts data
- Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted
- Hardware-accelerated encryption options with the latest processors
- Robust encryption software with many options
- Multilingual menus and documentation
- Can hide encrypted data in plain sight
- Can select multiple high-quality encryption algorithms: AES, Serpent, Kuznyechik, etc.
- Dated-looking GUI
- No formal support
- No built-in integration for cloud storage
- No file-sharing options
VeraCrypt is open source and available for free.
Top Local Storage SMB File Encryption Software
Free tools solve basic problems, but as a business grows, managing the deployment, update, and coordination of free products becomes too time consuming and burdensome. Growing companies need centralized control and the additional features of more professional encryption solutions. Tools in this category focus on the encryption of files saved to local and network shared devices.
AxCrypt Premium enables users to encrypt files locally with the AES-256 encryption algorithm and to share them using AxCrypt key sharing. It protects sensitive and classified information of all levels and simplifies the process of securing folders via automation.
- Enables file and key sharing with others through email and cloud storage (Box, Dropbox, Google Drive, OneDrive, etc.)
- Mobile app encrypts and decrypts files for iOS and Android users
- Password management and a password generator included to keep all passwords strong and safe
- Encrypted file sharing enabled by AxCrypt as a middleman key manager; keys are not directly shared but recipient will need to at least obtain a free version of AxCrypt to access the file
- Business Admin function centrally manages licenses
- Business Master Encryption Key for business accounts
- Dedicated Account Manager to support business accounts
- Anonymous File Names: file names are obfuscated after encryption
- Broad OS Compatibility: Windows, macOS, iOS, Android
- Strong support for business needs
- Does not support Linux or Windows Phone
AxCrypt offers a one month trial period and a 20% discount when customers select annual billing instead of monthly billing. The published price for AxCrypt Business is $12 per user per month.
- Drag and drop automatic encryption and synchronization
- Unlimited Local Locker Encryption, cloud locker storage varies with the level of the plan purchased
- On-the-fly file decryption and updates
- Secure file sharing between users
- Cloud-sync file sharing between a user’s local PCs, mobile devices, and the cloud for always-updated access
- Supports Shared-Device Users via unique encryption keys for each user of that device
- End-to-end encryption between devices and the cloud
- Combines encryption, backup, and file sharing capabilities
- Centralized management and control of encryption keys
- Supports multi-factor authentication
- Browser access available for incompatible OS or devices
- Looks and feels like another Windows folder for daily use
- Does not natively support Linux
- Online reviews are generally positive, but some complain of slow performance, lost files and a difficult recovery process
NordLocker offers a free 14 day trial and four levels of plans for NordLocker Business:
- 100 GB of cloud storage: 99 cents per user per month, billed annually
- 1TB and 2TB plans include a dedicated account manager and cost $3.99/user/month and $4.69/user/month, respectively, both billed annually.
- Custom plan with custom pricing
Trend Micro Endpoint Encryption
Trend Micro Endpoint Encryption encrypts data on PC and macOS laptops, desktops, USB drives, and removable media. It is available as a separate agent and combines enterprise-wide full disk, file/folder, and removable media encryption to prevent unauthorized access and use of private information.
- Centralized Management through a single program to manage users for endpoint protection, encryption, and other Trend Micro security products
- Encryption Management through a single software agent that pushes policies to endpoints through built-in OS encryption programs: BitLocker (WIndows) and FileVault 2 (macOS)
- Transparent key management to enable easy encryption management for for both users and administrators
- Remote lock and kill capability for lost or stolen devices
- Self-encrypting drive support for TCG OPAL and OPAL 2 SED drives
- Pre-boot transparent encryption without performance degradation
- Data on laptops, desktops, and removable media is protected as mobile computing devices and organizational needs change
- Encrypts full volumes, files and file folders
- Enforcement of compliance requirements through real-time policy enforcement, detailed audits, and reporting by individual, organizational unit, or device
- Recovery console for Windows devices
- Pre-boot authentication
- Extends to protect user-owned devices
- Does not protect servers
- Does not protect linux OS
- Although it integrates with endpoint protection, encryption requires a separate agent
Trend Micro offers free quotes and free trials of the Smart Protection Suite that includes the Endpoint Encryption tool instead of published pricing. Trend Micro also helps organizations to find a resale partner that can likely provide bulk pricing or other incentives. A license for a single user and up to 500 endpoints is estimated to be between $75 and $85 per year.
Top Email Encryption Software
Current email protocols send email contents in plain text. If an adversary intercepts or gains access to email, they can easily read the contents.
Most email programs, such as Microsoft 365 or Google Mail, offer built-in encryption options, but those encryption schemes require a supporting recipient email server and will sometimes send emails unencrypted to recipients with incompatible mail servers.
Organizations with strong secrecy requirements or facing regulatory enforcement for data breaches need additional security and reliability from a separate tool to deliver email encryption. While some organizations will solve multiple email issues using embedded features in an email gateway, others prefer a specialty email encryption solution.
Cisco Secure Email Encryption Service – Popular with Enterprises
Cisco’s Secure Email Encryption Service uses registered envelopes to ensure that only the correct recipient receives both the message and the decryption key needed to read the encrypted message. The service is available as a standalone service, but also integrates with Cisco Secure Email gateways.
- Two step verification ensures registered and identity-proven recipients
- Easy to use for senders and recipients without the need for any additional software or application installed at the endpoint
- Enhanced Email Controls allow emails to be recalled, to set expiration dates, receive receipts, and to allow/deny Forward, Reply, Reply All
- One-click email encryption through Microsoft Outlook
- Works independently from the operating system and is compatible with all devices that can access email
- Turnkey and non-disruptive solution; does not require new hardware or software
- Multiple secure delivery methods
- Well-known Cisco brand provides comfort to senders and recipients
- Admin reporting for compliance and tracking
- Relies upon users to remember to encrypt emails
- No transparent pricing
Cisco does not publish prices for Secure Email Encryption services, however, they do offer demonstrations and free trials of the product. Secure Email Encryption is also available as an add-on for Secure Email Essentials and is included with both Secure Email Advantage and Secure Email Premier.
Paubox Email Suite – Popular for Healthcare
More than 4,000 customers send 68 million emails monthly via the Paubox Email Suite that boosts major business email platforms with additional security and encryption functions.
- Automated email encryption
- HITRUST CSF certified
- Easy setup for existing Gmail, Microsoft 365 and Microsoft Exchange
- No training required because all emails are encrypted by default
- Also protects against email threats through security filters
- Send and receive encrypted emails without portals or passwords
- Seamless integration with existing
- Provides step-by-step instructions and support for integration with website forms and backstage areas of the domain
- Does not require portal logins, plugins, or app downloads
- Paubox provides a business associate agreement required for HIPAA compliance at no additional charge
- Dramatic difference between user and administrator dashboards can be confusing
- Generally focused on support for U.S. HIPAA compliance so international and non-HIPAA needs may not be directly supported
Paubox offers three versions of the Paubox email suite, Standard, Plus, and Premium. All versions have a free trial period, bill annually based on the number of users, and require a minimum of five users. According to their price calculator, prices start at:
- $29 / user / month Standard – Includes features for email encryption, HIPAA Compliance, security, analytics, and support
- $59 / user / month Plus – Adds inbound email security features
- $69 / user / month Premium – Adds data loss prevention features and an option for voicemail transcription
Proton Mail for Business – Best for Privacy
In 2014, 10,000 people crowdfunded Proton AG to create a fully secure and encrypted internet-based service in Switzerland. Proton has grown to offer secure email, privacy, calendar, and VPN solutions for individuals as well as for business.
- Bundled encrypted tools for business email, calendar, and VPN access
- Automated encryption for all services
- Business Admin Panel to easily manage employees and services
- Mobile Apps available for iOS and Android
- Third-party mail app integration for Outlook, Apple Mail and Thunderbird
- Account transfer option to transfer emails to different accounts
- Spam protection built in
- Self-destructing messages
- HIPAA and GDPR compliant
- Based in Switzerland, which maintains strict privacy laws
- Support for access from the anonymous Tor network
- More than 10,000 business use Protonmail
- Proton code is open source and independently audited
- Advanced search and filters for email sorting and prioritization
- Requires migration to Proton Mail
- Customers complain that the infrastructure cannot handle high volumes
- No telephone support
- Email filters and interface can be clunky
Proton Mail offers three levels for their Business service priced per user per month with significant discounts for 12-month and 24-month billing. Organizations that want to test Proton Mail can sign up for a free individual account to test the user experience.
All accounts come with contact groups management, calendar sharing, unlimited folders, labels, and filters. Business monthly pricing starts at:
- $7.99 Mail Essentials
- 10 email address per user
- 3 custom email domains
- 1 VPN connection in total
- 15 GB storage per user
- $12.99 Business
- 15 email address per user
- 10 custom email domains
- 10 VPN connections per user
- 500 GB storage per user
- Adds unlimited Hide My Email aliases
- Enterprise (contact Proton Mail for a quote)
- Tailored interface
- Dedicated account manager
- Unlimited storage per user
Top Application Layer Encryption Software
The modern IT environment includes containers, web servers, database servers, and other infrastructure that integrate with third party applications and services (shopping carts, credit card processing, etc.). Static encryption of data at rest does nothing to protect this data in active use.
For fully controlled applications and databases, organizations can write code and adjust database settings to encrypt or tokenize the data within the software. Third-party applications require other technology, such as Application Layer Encryption (ALE) solutions that maintain encryption within the application layer so that there is no opportunity for unencrypted data to be leaked.
Opaque – Best for AI Collaboration
Opaque provides a platform to share encrypted data between applications for collaborative analysis and artificial intelligence processing.
- Encrypts source data into a trusted execution environment
- Encrypted data analytics and machine learning at scale
- Secure collaboration without decrypted data leaks
- NIST-approved encryption
- Multi-tiered security across enclave clusters and confidential VMs enable data sharing with reduced risk
- Securely shares data from diverse sources
- Uses cloud scaling for high-performance processing on encrypted data
- Enables secure inter- and intra-company collaboration and analytics
- Protects against side-channel attacks
- Very specific application layer encryption for analytics, may not be suitable for all application-layer or data-in-use needs
Thales – CipherTrust Application Data Protection
The Thales Group combined Vormetric Application Encryption technology with the SafeNet ProtectApp solution to create the CipherTrust Application Data Protection products. The solution requires the purchase of several tools, but organizations can select SDK or RESTful application encryption solutions.
- Centralized Key Management through the Vormetric Data Security Manager
- SDK encryption through Vormetric Application encryption on app servers
- RESTful encryption through a Vormetric Tokenization server connected to independent app servers
- Flexible options for crypto functions and encryption algorithms
- Automated key rotation built-in for all functions except hash
- Options for a variety of encryption solutions to enable end-to-end encryption (data at rest, data in motion, secure file sharing, etc.)
- Streamlines encryption implementations
- Secures cloud and big data environments
- Fine-grained authorization for access and encryption key use
- Built-in security for DevOps and DevSecOps
- Requires multiple licenses and products to create a solution
- Complex fields and options need to be managed to avoid misconfigurations and missouts
- DoS or DDoS attacks can render associated apps unusable
Thales does not publish pricing, but it enables contact to their sales team to obtain a quote.
Vaultree – Best for Encrypted Searching
Vaultree encrypts data for storage in databases and then encrypts future queries as well to perform encrypted searching. The Vaultree software development kit (SDK) provides plug-and-play encryption for any database client.
- Programming language agnostic
- Once encrypted, never decrypted
- Full customer control of cipher options and key management
- Proprietary encryption algorithms
- Queries are received and delivered to the client in plain text, but processed and stored encrypted
- No need to change data access codes
- Reduced storage overhead, processing power, and time because of the far more limited encryption requirements
- Only provides a solution for database queries, not other applications
Vaultree does not list pricing, but does offer free demos.
Top End-to-End Encryption Solutions
The largest enterprises have complex and varied encryption needs and seek multi-faceted solutions capable of providing encryption solutions from one end of the organization to the other. The tools in this category offer multiple types of encryption to solve a variety of problems for growing organizations.
IBM Security Guardium
IBM offers a suite of Security Guardium products to enhance data protection including several encryption solutions: Guardium Data Encryption (GDE) and Guardium Key Lifecycle Manager. These tools work with other IBM offerings such as hardware security modules, certificate management, and IBM Cloud key management services.
- Guardium Data Encryption
- Many components and options for file and database encryption, live data rekeying and encryption, container encryption, data tokenization, encryption tools for developers, batch data encryption/decryption, and more
- Encrypts data at rest and in-use
- Detailed logging of data access
- Directory-informed encryption levels use Active Directory (AD) and other lightweight directory access protocol (LDAP) tools to manage user and group access
- Guardium Key Lifecycle Manager
- Flexible key exchange support using KMIP, IPP and REST
- Automated full key lifecycle support: initialization, activation, rotation, and deletion
- Strong administrator access control with the ability to create segregated duties based upon levels of security, domains, groups, devices, and more
- Cryptography options start at FIPS 140-2 Level 1, but level-2 and level-3 validated hardware can further enhance security
- Wizard-based assistance for expedited deployment
- Lightweight, flexible deployment with a mere 8 GB of RAM and a single dual-processor core for most usage requirements
- Addresses data security and privacy regulations such as GDPR, CCPA, PCI DSS and HIPAA by employing methods to de-identify data, such as tokenization and data masking
- Centralizes encryption and encryption key configuration and policy management
- Encryption for files, databases, and applications
- Manages the encryption key lifecycle with secure key generation and automated key rotation
- Integrates with IBM solutions and many 3rd party tools and services
- Enterprise scale often means lengthy and complicated integration processes and higher costs
- Multiple licenses and components will be required for comprehensive security
- Some reports may not be satisfactory and require modification
- Data classification is powerful, but does not provide incremental results so future classification reports cannot recognize changes or added data
- End-to-end encryption makes debugging very difficult
For all IBM Security Guardium products, the pricing will depend upon existing or planned configurations as well as the licenses for the selected offerings. Interested organizations will need to contact IBM to understand which licenses suit their needs and the estimated cost for those licenses. IBM also provides consulting services for the implementation and integration of their products directly and through a network of partners.
Micro Focus CyberRes Voltage
Micro Focus, now wholly owned by OpenText, offers a suite of tools under the CyberRes Voltage brand name for data management and security. Within the portfolio, customers can obtain encryption options for end-to-end encrypted email, secure file collaboration, and transparent file encryption.
- Encases files in Smart Cipher encryption that enables a security policy that travels with the file wherever it may be sent or moved
- Embedded access and use controls
- Automatic file discovery and classification based upon content rules, regular expressions, location, user profile, or customizable dictionaries
- New file detection dynamically analyzes content during creation so new files encrypt automatically according to established policies
- Real-time monitoring, alerting, and reporting of files with sensitive data for data protection and compliance
- Platform, application, and OS agnostic file protection even for files sent out via email or uploaded to file sharing platforms (OneDrive, Box, etc.)
- Easy-to-create policies by users and group for the level of access to a file
- Deploy as-needed and roll out to specific users or specific data over time with dynamic policy implementation and synchronization
- SecureData Enterprise
- Cloud-native data protection and integration with all major cloud services such as object storage, data warehouses, API Gateways, serverless compute, managed Kubernetes services, etc.
- Enables secure analytics through just-in-time and policy determined decryption
- Reversible or one-way obfuscation
- Reports data events to security information and event management (SIEM) and other tools for monitoring and compliance reporting
- Big Data tool enables multi-cloud data portability and cloud analytics
- SecureData Mobile
- End-to-end mobile data security for sensitive information
- Native libraries for iOS and Android developers
- Stateless key management eliminates operational complexity and derives keys on the fly
- SecureData Payments
- Secure Stateless Tokenization (SST) technology enables advanced protection for payment card data by eliminating vulnerable token databases and enabling decentralized security
- Reduces scope for PCI investigation and potential hacker targets through technology that does not require token databases or separately stored cardholder information
- Format-preserving encryption and data masking for analytics
- High availability and throughput to enable high-performance operations and payment processing with tokenization in-memory, no software prerequisites, and linear scalability
- One-to-one mapping of primary account number inputs and replacement token in all managed servers and data centers
- Protects web browser data by encrypting or tokenizing data as it is entered into the browser
- End-to-end data protection across all platforms (Gmail, Outlook, Android, etc.)
- Desktop, cloud and mobile availability
- Encrypts email and attachments
- Stateless key management uses identity-based encryption (IBE) so recipients do not need to take special steps to view files
- Searchable secure mail maintains protection but enables indexing, search, view, and discovery for security or legal e-discovery investigation
- Flexible deployment to on-premises, cloud, or hybrid hosted environments and works seamlessly with Office 365, BlackBerry Enterprise Server, and more
- Regulatory compliance workflow enablement with simple user experience and administrator oversight
- Different licenses allow for organizations to only select the options needed
- Patented privacy-by-default technology
- Protects both structured and unstructured data
- Protection for data in use, at rest, in the cloud, and in analytics
- Integrates well with other Micro Focus products and with third-party tools through APIs
- Centralized encryption management
- Uses AES256 encryption
- Enables diverse compliance requirements such as PCI DSS, HIPAA, GDPR, KVKK, POPI, and others
- Requires the purchase of multiple licenses to obtain full coverage
- Encrypted emails difficult to read on mobile
Pricing can be found for an annual license for up to 50 users of Voltage SecureMail Cloud is priced at $99 / user. However, Micro Focus offers different licensing schemes for Academic, Business, Government, Hosting, and Non-Profit customers so direct contact with Micro Focus or their resale partner will probably be the best option to avoid confusion.
Founded in 2011 by two ex-employees of the US government, Virtru builds on the Trusted Data Format (TDF) standard developed by co-founder Will Ackerly. Serving over 7,000 customers, Virtru’s data-centric security enables zero-trust, granular policy controls for data throughout an organization’s ecosystem to enable email and file sharing with end-to-end encryption.
- Built-in DLP provides data loss protection (DLP) even if data is shared
- Encrypted search supported
- Dynamically change access controls or revoke data access at any time
- Wide compliance support and reporting for standards such as GDPR, HIPAA, FedRAMP, ITAR, and more
- Advanced options for customized DLP policy protection, actionable intelligence, identity management, branded logo, etc.
- Optional Integration for Google workspace/cloud, Zendesk, Salesforce, SIEM tools and more
- Centralized administrator control center for security access controls and key management
- 0Auth support for Google and Microsoft 365 and SSO support
- Simple pricing packages for clarity and ease of planning
- End-to-end file sharing and email protection
- Easy to use and check if Virtru is active
- Users can pull back emails after sending by revoking access permissions at any time
- No application security or in-use protection
- Users report email connection issues that may cause connection issues or usability problems
- Some email servers classify Virtru emails as spam
- Images in the body of the email (content, signatures) become converted into attachments and affect readability
Virtru provides three levels of pricing: Starter, Business, and Enterprise. Prices for Starter and Business are listed, but enterprise requires a custom quotation. Prices are quoted on a monthly basis assuming five users and annual billing:
- $87 / month Starter
- Virtru for Gmail, Google Drive, Microsoft Outlook
- Privacy controls for email and basic file workflows
- DLP safeguard
- Online support
- $104 / month Business includes all Starter features plus:
- Secure Share file sharing
- Add additional compliance support for CJIS, CMMC, ITAR, FedRAMP
- Optional integration to Google workspace/cloud, Salesforce, SIEM tools, and other 3rd party apps
- Customized DLP
- Advanced identity management, private key storage
- Google Vault integration for e-discovery obligations
- Add logo for branded experience
- Unlimited file sizes and bulk decryption
- 90-days of audit logs
- 99.90% guaranteed uptime
- Enterprise delivers all Business features plus
- One year of audit logs
- Platinum technical support with a dedicated customer success manager
- Deployment support
Quantum Encryption Solutions
While quantum computers now ship for prices between $5k and $15 million USD, most quantum chips still produce errors and encounter stability issues. These issues indicate the true threat of breaking standard encryption with quantum computers to be a few technology generations away.
However, data stolen now might be encryptable in the near future, so many organizations with high security concerns look to develop quantum-safe cryptography ASAP. The US National Institute of Standards and Technology (NIST) recently approved quantum-safe cryptographic algorithms, but AES-256, SHA-256, and SHA-3 can still be quantum-resistant with larger key sizes and outputs.
Dozens of companies already exist selling various solutions for quantum-proof encryption, but without the computers and the expertise available to test these technologies, most of us need to take their marketing claims at face value – never the best option. For now, we’ll briefly cover a handful of solutions and look forward to providing a more formal product analysis as the technologies evolve.
Entrust Public-Key Infrastructure (PKI) as-a-Service already manages cryptographic keys for their clients. In preparation for a post-quantum world, Entrust offers post-quantum product trials to test migration to quantum-resistant algorithms.
IBM z16 Hybrid Cloud Serverssupport lattice-based digital signatures based on CRYSTALS-Dilithium Digital Signature Algorithms that rely upon polynomial matrix calculations instead of prime numbers. Currently, the two CRYSTALS algorithms supported by the z16 servers have been determined to be quantum-computing-resistant algorithms.
Toshiba Quantum Key Distribution creates a physics-based quantum decryption-proof delivery of one-time encryption keys to ensure unhackable information delivery between a sender and receiver. Toshiba recently set a record for distance with reliable quantum key distribution over a distance of 100km using commercial fiber cable. While this enables secure communication within a city, it would not even reach halfway between Boston and New York.
Encryption Pros, Cons, and Cautions
What Are the Advantages of Encryption Software?
Primarily, encryption protects data from the inevitable compromise. Scrambled data becomes less useful to competitors and adversaries and protects against regulatory risk. Encryption can also protect an organization from internal risk by making data less valuable to tempted employees. Many compliance protocols require encryption of some sort to protect data.
What Are the Disadvantages of Encryption Software?
The added security of encryption comes with a host of trade-offs such as added expenses, effort, and time for implementation, management, and maintenance. Encryption processes can also lead to decreased performance and increased user complaints.
Encryption Tools & Software Cautions
Encryption done poorly undermines expected protections. For example, encrypted data is only as secure as the encryption keys used in the encryption process, so poor key management can render encryption useless.
Additionally, some encryption algorithms only encrypt data at rest, so once an encrypted file is opened, the temporary file created by the application may not encrypt the temporary file also stored in that folder. That file can sometimes persist and allow for data to be stolen even though the file itself is re-encrypted. Better tools encrypt the data in use or also encrypt temporary files.
Encrypted files can also complicate security and legal investigations by increasing the complexity of the tools, time, and costs associated with inspecting the data. However, better encryption tools build-in features for encrypted search, e-discovery functions, or integration with security tools.
How This List of Encryption Solutions Was Selected
Market research was performed on the encryption category to determine popular solutions. Based upon product reviews, industry discussions, and industry rankings, the list was narrowed to top candidates and those candidates were classified by their capabilities and focus.
Tool features particularly the critical functions that centralize encryption controls and key management were used to roughly rank competitors. Other aspects such as price, prominence, integrations, and extra features helped us make the final list.
A large number of vendors offer features and functions for various types of encryption. Encryption also is frequently added as features of other tools such as endpoint detection and response and the encryption market continues to evolve rapidly so we can expect this list to change in the future.
Bottom Line: Encryption Dramatically Lowers Risk
Encryption provides meaningful baseline security throughout an organization, meets many compliance requirements, and dramatically lowers the risk that stolen data can be exploited. Like all security tools, misuse or unreasonable expectations can undermine security or leave gaps, but these limitations should not cause an organization to hesitate to adopt the technology.
The continuous rise in data theft, especially through ransomware attacks, should encourage every organization to adopt encryption as a fundamental tool to strengthen the security stack. The increasing adoption of encryption also suggests a point in the near future where a breached organization without encryption in place will be found negligent by investigators and within courtrooms.
- Disk vs File Encryption: Which Is Best for You?
- New Quantum-safe Cryptography Standards Arrive None Too Soon
This article was originally written by Drew Robb on August 4, 2022. It was updated by Chad Kime on February 21, 2023.
Get the Free Cybersecurity Newsletter
Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices.