Styles of Encryption

There are 3 styles of encryption that use AES certified software. Each style of encryption has advantages and disadvantages. Only you can determine which style is right for you.

File Encryption

Advantages

  • Your files are portable and can be e-mailed without decrypting them first.
  • You can share keys with others in your office and thereby share files that are encrypted.
  • The decryption process does not slow your computer down since, unlike FDE, you don’t have to decrypt your programs as well as your files.
  • Protects against viruses and spyware.
  • 2-factor encryption. File encryption allows you to keep your key separate from your computer. If your computer is stolen, but you have the key, the data is useless to the thief.

Disadvantages

  • If a user does not save a new file in a designated folder, it will not be encrypted unless he encrypts it manually.
  • You must double-click on the file you want to open instead of choosing it from the Open File drop-down menu. Many people open their files in this way anyway, in which case this is not a disadvantage.
  • Unless your database is small, File Encryption is cumbersome to use with a database. If your main purpose for using encryption is to secure data kept in a database, you are much better off with Full Disk Encryption. Keep in mind that if you wish to keep your back-up of the database encrypted, you will need to use a File Encryption program since Full Disk Encryption cannot do this.

Extra Advantages

APO file encryption running with APO Server

  • Split key technology for added security.
  • Single use keys for e-mailing clients.
  • Automated key selection for e-mailing clients.
  • Automatic escrow of encryption keys for added safety.
  • Automated key sharing for the whole office and for groups within the office (e.g., a human resources key).

Full Disk Encryption (FDE)

Advantages

  • Encrypts everything on your hard drive. No matter where a file is saved it will be encrypted.
  • A file is never decrypted. Even when working on a new document in Word, the file remains encrypted on your hard disk. Only the portion of the file currently in use is stored decrypted in memory.

Disadvantages

  • Encrypts everything on your hard drive. Even your programs are encrypted. The process of opening a Word document now requires that the Word program, and all of its supporting files, first be decrypted.
  • Does not protect against spyware. FDE does not care what program or who calls for a file. Once the user has logged on, spyware can look for any Excel or other file and send it out via the internet. The file requested by the spyware will be automatically decrypted before it is sent out.
  • Some FDE software will not allow for 2-factor encryption. The key must reside on the hard drive. Your data is then only as safe as your password is strong.

Vaults

Advantages

  • Vaults are often undetectable. When crossing borders, an inspector would not see the vault, nor the files within it.

Disadvantages

  • You must drag files into the vault after they are saved. This adds a time-consuming extra step.
  • The original file is not shredded. You would have to buy shredding software separately, and run it each time you drag a file into the vault.

Types of encryption

I think you will agree that if you are going to make the effort to encrypt data, you should use encryption that is secure and you should be absolutely positive that it works.

There are many types of encryption out there, but only one that is used by governments and militaries and is required by HIPAA. AES encryption is the standard. Many of the other types of encryption such as 3-DES and Blowfish have been cracked and are no longer considered safe.

It doesn’t cost any more, so insist on the AES standard.

Certification

Encryption algorithms are actually quite difficult to implement correctly. Not every programmer is going to be able to get it right.

This is why you should be sure your encryption software has been certified. Once again, governments, militaries, and HIPAA all require certification. Why wouldn’t you?

Without certification, you cannot know if your encryption is working. That is why the US, British and Canadian governments got together to set up labs that will review the code and test the software. Once software has been certified by one of these labs, it will display the FIPS (Federal Information Processing Standard) certification, as well as a certificate number. That number allows you to go to the FIPS web site and compare your software with the certified software to ensure that it hasn’t changed since it was certified.

Once again, it doesn’t cost you anything extra for the peace of mind that certified software brings. Don’t settle for anything else.