It’s been a couple of decades since data tapes delivered by trucks made encryption a standard enterprise cybersecurity practice. Yet even as technology has changed, sending and receiving data remains a major vulnerability, ensuring encryption’s place as a foundational security practice.
Attackers can intercept data transfers, and from there gain access to all manner of sensitive data. Thus, data in transit, as well as data at rest, should be made indecipherable via strong encryption. Once data is encrypted, it can only be read by someone who holds the right key or password and has the appropriate access rights. This adds a vital extra layer of security.
Encryption technology has evolved over the years to cover data in use, and the emerging power of quantum computing has given rise to quantum cryptography. That may seem a little futuristic, but it’s something enterprises need to be thinking about today.
Here we’ll look at some of the best data encryption products on the market today, as well as the major changes and trends in encryption technology.
What is Encryption?
Encryption is all about scrambling data to prevent unauthorized parties from being able to understand what is contained in the information. It takes regular text and converts it into an incomprehensible series of letters, numbers, and symbols. Some kind of cryptographic key is needed to both encrypt and decrypt the data. That complexity is normally hidden from users, who only need the right credentials to access the data.
Hackers, on the other hand, need to crack the code to reveal what the data contains. You may have noticed passwords getting longer and more complex in recent years. That is because cybercriminals can figure out short passwords by brute force, trying guess after guess until one decrypts the data or opens the system. Encryption algorithms and technologies, therefore, have to stay ahead of the brute-force computing power available to hackers.
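To make the two points above concrete (a key is needed to both encrypt and decrypt, and brute-force guessing is the attacker's fallback), here is a small added teaching example. It is not code from any product named in this article. A password is stretched into keys with PBKDF2 so every guess costs the attacker 100,000 hash iterations, the data is encrypted with an HMAC-SHA256 keystream in counter mode, and a separate HMAC tag makes a wrong password or a tampered file fail before anything is decrypted. The sample record and iteration count are constructed values; a production system would use a vetted AEAD such as AES-256-GCM rather than this hand-built construction.

```python
import hashlib
import hmac
import os
import struct

# Constructed teaching example: password-based authenticated encryption built
# from standard-library primitives only. Not the algorithm of any product in
# the article; real deployments should use a vetted AEAD such as AES-256-GCM.

PBKDF2_ITERATIONS = 100_000  # cost factor: every password guess pays this price
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch a password into a 32-byte encryption key and a 32-byte MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   PBKDF2_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream: HMAC(enc_key, nonce || counter) per 32-byte block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = derive_keys(password, salt)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    # Encrypt-then-MAC: the tag covers everything the receiver will parse.
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return salt + nonce + ciphertext + tag


def decrypt(password: str, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on any mismatch."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    # Constant-time comparison: a wrong password or any tampering changes the
    # expected tag and is rejected here, before a single byte is decrypted.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong password or modified data")
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def roundtrip_demo() -> dict:
    """Exercise the three outcomes a practitioner cares about."""
    secret = b"account 4242: balance 17,250.00"  # constructed sample record
    blob = encrypt("correct horse battery staple", secret)
    results = {"roundtrip": decrypt("correct horse battery staple", blob) == secret}
    try:
        decrypt("wrong password", blob)
        results["wrong_password_rejected"] = False
    except ValueError:
        results["wrong_password_rejected"] = True
    tampered = bytearray(blob)
    tampered[SALT_LEN + NONCE_LEN] ^= 0x01  # flip one ciphertext bit
    try:
        decrypt("correct horse battery staple", bytes(tampered))
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    return results


if __name__ == "__main__":
    print(roundtrip_demo())
```

The design point is that the password never touches the data directly: the key derivation is what turns a short secret into something expensive to guess, and the integrity tag is what turns a wrong guess into a clean rejection rather than garbage output.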
Encryption Trends: Quantum & Post-quantum
Modern encryption algorithms require a lot of processing power to break. They were once thought hacker-proof, but the bad guys steadily upped their game and they, too, now pack a lot of processing power into their nefarious tools. The advent of quantum computing has given them far more juice to crack traditional encryption methods. That has given rise to quantum cryptography, also called quantum encryption.
Quantum cryptography generally refers to QKD, or quantum key distribution. QKD involves hardware devices that leverage quantum entanglement to generate and exchange random numbers. By using entangled particles, QKD allows keys to be shared between those devices in a way that was thought at one point to be unhackable.
“QKD is an exciting technology with applications in highly sensitive data transmission, but the current drawback is that it is range-limited,” said Rebecca Krauthamer, Chief Product Officer at QuSecure.
Another relevant quantum property is the no-cloning theorem. In telecommunications, repeaters are used to extend the range a signal can travel. The no-cloning theorem explains why you can’t build repeaters for QKD transmission: copying or amplifying the signal would require measuring the quantum state, which collapses it, and in doing so destroys the secrecy benefits QKD is meant to provide.
To solve that dilemma, post-quantum cryptography (PQC) has emerged. It is encryption much like the cryptography in use today but based on mathematical problems that are prohibitively hard for quantum computers to solve.
“It is a bit confusingly named, and a more accurate name for PQC might be pre-quantum or anti-quantum cryptography since it is meant to defend data against quantum computing hacks,” said Krauthamer. “A common misconception is that PQC is itself a quantum technology. PQC does not need any quantum computing technology to run effectively; it’s written in familiar coding languages like C and runs on today’s systems.”
Modern encryption leverages hard math problems that would take even today’s most powerful supercomputers thousands of years or more to solve. But back in 1994, mathematician Peter Shor devised an algorithm showing that a quantum computer, at that time purely theoretical, could easily solve the same math that protects our data as it travels over networks. Post-quantum cryptographic algorithms address this threat, as well as other current decryption threats, by leveraging clever math that neither classical nor quantum computers are good at solving.
New Quantum Encryption Standards
Just last month, NIST announced new standards for post-quantum public key encryption and digital signatures. The move is evidence of a growing demand to get ahead of the quantum computing threat. But if we don’t yet have a quantum computer that can break current public key encryption, why do we have to worry about post-quantum encryption? The answer is scarier than you think.
“The first major reason is that we don’t have a good sense for when such a quantum computer will be available, and since this type of upgrade takes time, it is important to start sooner than later so we aren’t caught flat-footed,” said Krauthamer. “The second reason is store now decrypt later (SNDL) attacks when a bad actor intercepts encrypted data and stores it until they have the computing power to break it.”
In other words, encrypted data stolen now won’t be safe forever. For data with a long shelf life – electronic medical records, bank account information, and national security secrets, for example – that will still be valuable in several years, it is critical to get the right encryption in place today to protect it from being leaked in the future. That’s one of the reasons the White House recently put out two executive memos mandating that government agencies upgrade to post-quantum encryption. These memos will likely affect not only security at the government level, but also industries that work closely with the U.S. government and other highly regulated sectors like finance and healthcare.
“Organizations will need to start the process of upgrading encryption sooner than later,” said Krauthamer.
Data in Use Encryption
Another way encryption technology is advancing is through the encryption of data as it’s being processed and analyzed. Long called homomorphic encryption, or just data in use encryption, the technology has made major strides in recent years. IBM, Google and Microsoft have been among the big names developing and promoting homomorphic technology, and one startup is even pushing data in use encryption as a defense against data exfiltration common in ransomware attacks. That startup – Titaniam – bills itself as “the only practical and scalable data-in-use protection solution,” so it’s one to watch.
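To show what "computing on encrypted data" means in practice, here is an added example of the Paillier cryptosystem, a simple additively homomorphic scheme; it is not code from Titaniam, IBM, Google, Microsoft or any other vendor named here. An analyst holding only the public key can total a list of encrypted values, and only the data owner with the private key can read the result. The 128-bit key size and sample values are constructed for illustration; production data-in-use systems use far more capable schemes and hardened implementations.

```python
import math
import random

# Added teaching example: minimal Paillier cryptosystem. Ciphertexts can be
# added (and multiplied by plaintext constants) without the private key.
# Key size and sample values are constructed; not production code.

def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate


def keygen(bits: int = 128, seed: int = 1):
    """Return (public key (n, g), private key (n, lam, mu)). Seeded for a reproducible demo."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        if p != q and math.gcd(p * q, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                            # standard simplification
    mu = pow(lam, -1, n)
    return (n, g), (n, lam, mu)


def encrypt(pub, m: int, rng=None) -> int:
    """E(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts differ."""
    n, g = pub
    n2 = n * n
    rng = rng or random.SystemRandom()
    while True:
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c: int) -> int:
    n, lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n       # L(u) * mu mod n


def add_encrypted(pub, c1: int, c2: int) -> int:
    """E(m1) * E(m2) mod n^2 = E(m1 + m2): the sum is computed without any key."""
    n = pub[0]
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c: int, k: int) -> int:
    """E(m)^k mod n^2 = E(k * m)."""
    n = pub[0]
    return pow(c, k, n * n)


def aggregate_demo(values: list, seed: int = 1) -> int:
    """Analyst (public key only) totals encrypted values; the data owner decrypts."""
    pub, priv = keygen(seed=seed)
    rng = random.Random(seed + 1)
    encrypted = [encrypt(pub, v, rng) for v in values]
    total_ct = encrypted[0]
    for ct in encrypted[1:]:
        total_ct = add_encrypted(pub, total_ct, ct)   # no decryption happens here
    return decrypt(priv, total_ct)


if __name__ == "__main__":
    print(aggregate_demo([1200, 350, 99]))   # constructed transaction amounts
```

The limitation is visible in the code as well: Paillier supports addition and scaling by constants but not multiplication of two ciphertexts, which is why the fully homomorphic schemes pursued by the large vendors mentioned above are a much harder engineering problem.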
Top Encryption Software
There are far too many encryption tools to cover them all here. This list contains both traditional encryption tools that offer file encryption for data in motion and at rest, as well as newer quantum cryptography and post-quantum tools. It also contains a couple of open-source alternatives. While our focus here is primarily on encryption tools offering features appealing for enterprise use cases, also see our list of the top full-disk encryption tools.
Encryption is also often included in EDR solutions.
Opaque Systems enables machine-learning and analytics on end-to-end encrypted data in the cloud. This is made possible by a combination of secure hardware enclaves and cryptographic fortification. The benefit to organizations is that they can share confidential data with each other while also ensuring compliance with data privacy regulations.
“For example, today financial institutions can’t share transaction data or Personally Identifiable Information (PII) with each other, which makes it hard to identify or stop crimes like money laundering or loan stacking,” said Ashish Kakran, Principal, Thomvest Ventures. “In cases when such data is breached, heavy fines are imposed because of consumer-friendly regulations like CCPA and GDPR. With Opaque, confidential data can be shared internally or externally while being fully compliant.”
- Data sharing while staying in compliance.
- The creation of secure and isolated execution environments.
- Only the trusted application, and no other, can access the data in memory.
- Cryptographic fortification protects data against side-channel attacks while providing guarantees that unauthorized users have not accessed sensitive information.
IBM Security Guardium Data Encryption (GDE) consists of a unified suite of products built on a common infrastructure, including data encryption, tokenization, data masking, and key management.
- Protects and controls access to data across hybrid multi-cloud environments.
- Addresses data security and privacy regulations such as GDPR, CCPA, PCI DSS and HIPAA by employing methods to de-identify data, such as tokenization and data masking.
- Manages the encryption key lifecycle with secure key generation and automated key rotation.
- Protects data wherever it resides.
- Includes user access policies, data access audit logging, and key management capabilities.
- Centralizes encryption and encryption key configuration and policy management.
- Encryption for files, databases, and applications.
AxCrypt Premium lets users and IT encrypt files with the AES-256 encryption algorithm. It protects sensitive and classified information of all levels and simplifies the process of securing folders via automation.
- Shares secured files with others via key sharing, including files kept in cloud storage such as Dropbox and Google Drive.
- The AxCrypt mobile app can encrypt and decrypt files via the phone from anywhere and at any time.
- Password management and password generator to keep all passwords safe in the cloud.
- Automatically encrypts files in secure folders using AES-256.
- Encrypts and decrypts both on desktop and mobile.
- Secure files online with cloud storage awareness.
VeraCrypt is a free, open-source disk encryption software that can be used on Windows, macOS, and Linux systems. It was developed by Idrix and is based on TrueCrypt 7.1a.
- Creates a virtual encrypted disk within a file and mounts it as a real disk.
- Encrypts an entire partition or storage device such as USB flash drive or hard drive.
- Encrypts a partition or drive where Windows is installed including pre-boot authentication.
- Encryption is automatic, real-time, and transparent.
- Parallelization and pipelining allow data to be read and written as fast as if the drive were not encrypted.
- Encryption can be hardware-accelerated using the latest processors.
Trend Micro Endpoint Encryption encrypts data on PCs, Macs, laptops, desktops, USB drives, and removable media. It is available as a separate agent and combines enterprise-wide full disk, file/folder, and removable media encryption to prevent unauthorized access and use of private information.
- One management console to manage users for endpoint protection, encryption, and other Trend Micro security products.
- Data is protected as mobile computing devices and organizational needs change.
- Encrypts private data with fully integrated full disk, file folder, USB, and removable media encryption.
- Leverages flexible hardware and software-based encryption across mixed environments.
- Supports self-encrypting TCG OPAL and OPAL 2 SED drives from Seagate, SanDisk, and Intel.
- Enables automatic and transparent encryption without performance degradation.
- Manage the encryption policy alongside all endpoint security policies.
- Automates policy enforcement with remediation of security events, without the burden of encryption key management.
NordLocker Cloud is compatible with all file types ranging from PDFs to video and more. It can be used to sync data and access it privately.
- Easy to use via drag and drop automatic encryption.
- Opens files and decrypts them directly into the app.
- Enables secure file sharing.
- Access control.
- Both local and cloud lockers available.
- Offers protection for shared computers via unique encryption keys for each user of that machine.
Bitdefender offers a host of tools, many of them packaged into suites. GravityZone Full Disk Encryption can be bought alone or as part of a much larger suite. Its native encryption module can be added on to any of Bitdefender’s endpoint security tools.
- Encrypts boot and non-boot volumes on fixed disks, desktops, and laptops.
- Remote management of encryption keys.
- Centralized handling of device encryption to ensure compatibility and performance.
- Ensures compliance with security standards for data at rest such as GDPR, HIPAA, PCI DSS.
- Provides encryption-specific reports to help prove compliance for auditing purposes.
- Fully encrypts each endpoint’s hard drive and reduces the risk of accidental data loss or theft.
7-Zip is another free, open-source encryption alternative. Much of its code is under the GNU LGPL license, with other parts under the BSD 3-clause License and the unRAR license. Thus, it is primarily aimed at those very familiar with open-source tools and licensing.
- Can be used on any computer, including in commercial organizations.
- No need to register or pay for 7-Zip.
- High compression ratio.
- Supports a wide range of formats.
- For ZIP and GZIP formats, it provides a compression ratio that is said to be up to 10% better than the ratio provided by PKZip and WinZip.
- AES-256 encryption.
Micro Focus Voltage SecureData
Micro Focus bills Voltage SecureData as a cloud-native solution that’s useful for secure high-scale cloud analytics, hybrid IT environments, payment data protection, SaaS apps and more.
- Protects both structured and unstructured data.
- Protection for data in use, at rest, in the cloud, and in analytics.
- Encryption and tokenization for PCI and other compliance use cases without the need for a database or token vault.
- Protects Big Data analytics in the cloud and on-premises.
- APIs allow for integration into a wide range of environments and applications.