Dozens of blocks imprinted with either binary data (blue 0s and 1s)

What is Encryption and how does it work?

May 2023

Encryption is a method of scrambling data so that it can’t be read by anyone except for authorized parties. The process of encryption converts plain text to cipher text using a cryptographic key. A cryptographic key is a set of mathematical values known and agreed to by both sender and recipient.

Decryption, or translation, of the encrypted data is possible for anyone in possession of the right key. That’s why cryptography specialists are constantly developing more sophisticated and complex keys. More secure encryption uses keys of sufficient complexity that hackers will find the process of exhaustive decryption (also known as 'brute force') to be functionally impossible.

Data can be encrypted when ‘at rest’ (in storage) or ‘in transit’ (while being transmitted). There are two major classifications of encryption: symmetric and asymmetric.

Symmetric encryption has only one key, and all parties use the same secret key.
Asymmetric encryption gets its name because it has multiple keys: one for encryption, and one for decryption. While the encryption key is public, the decryption key is private.

Why is data encryption necessary?

IA person in a suit and tie holds a tablet, touching the surface with a single finger. Overlayed are 5 white icons: a lock in a mobile phone, a lock in a PC monitor, a lock, a fingerprint, and an envelope.

Privacy: only the owner and recipient of the data can read it, preventing attackers, ISPs, even governments from intercepting sensitive data.

Security: encryption helps prevent data breaches; if a corporate device is lost or stolen but its contents are encrypted, the data will still be secure.

Data integrity: encryption also prevents malicious behavior like on-path attacks (intercepting information in transmission), as encrypted data cannot be viewed or tampered with along the way.

Regulations: many industry and government regulations require companies to encrypt user data, such as HIPAA, PCI-DSS, and the GDPR. US government agencies and contractors must use the FIPS (Federal Information Processing Standards).

Encryption algorithms

An encryption algorithm is how data is converted to cipher text. The encryption key is used by the algorithm to consistently alter the data so that even though it looks random, the decryption key can easily convert it back to plain text. Common encryption algorithms include AES, 3-DES, SNOW (all symmetric) and elliptic curve cryptography and RSA (both asymmetric).

Like all asymmetric encryption, RSA uses prime factorization (multiplying two very large prime numbers together). Cracking it is very difficult because the original prime numbers must be determined, which is mathematically taxing. Brute force cracking an RSA key is next to impossible.

Brute force

When a computer makes millions or even billions of attempts to crack a password or decryption key, it is called a brute force attack. Modern computers can go through these possible permutations incredibly rapidly. Modern encryption needs to be resilient to this kind of attack. The field of cryptography is a constant arms race between those developing faster ways to crack encryption, and those developing more sophisticated encryption methods.

Other types of encryption

An open red lock icon and black closed lock icons representing encryption are linked with network lines, white binary code overlay a laptop keyboard, and a modern cityscape collage.

Cloud storage encryption: data or text is transformed via encryption algorithms then put in cloud storage. Similar to in-house encryption except the customer needs to figure out how the provider’s different levels of encryption match up to their needs in terms of security/data sensitivity.

Deniable encryption: encryption with multiple possible means of encryption, used for misinformation purposes if data is likely to or intended to be intercepted in transit.

FDE (full-disk encryption): hardware-level encryption. Data on a hard drive is automatically encrypted and illegible to anyone without the proper authentication key. The hard drive is useless in any computer without the key.

BYOE (Bring Your Own Encryption): a cloud computing security model allowing customers to display a virtual instance of their own encryption software alongside their cloud-hosted application. Also known as BYOK.

EaaS (Encryption as a Service): a subscription service for cloud customers who can’t manage their own encryption. Includes FDE, database encryption, or file encryption.

E2EE (End to End Encryption): protects data in transit. Messages such as WhatsApp are encrypted by client software, passed to a web client, then decrypted by the recipient.

Field-level encryption: data in specific webpage fields that’s encrypted (e.g. SSNs, credit card numbers, health-related/financial data. All data in a chosen field will automatically be encrypted.

Column-level encryption: an approach where all cells in the same column have the same password for access and read/writing.

Link-level encryption: encrypts data when it leaves the host, decrypts at the next link, then re-encrypts it when it is sent on again. It doesn’t have to be the same key/algorithm at every link.

Network-level encryption: cryptoservices at network transfer level, is implemented through Internet Protocol Security (IPSec), which creates a private framework for communication over IP networks.

Homomorphic encryption: the conversion of data into cipher text that still permits analysis and work as if it were not encrypted. Useful for mathematical work that can be done without breaking the encryption.

HTTPS: allows website encryption by running HTTP over the TLS protocol. For a web server to encrypt the content it sends, a public key must be installed. Quantum cryptography: depends on quantum mechanics to protect data. Quantum-encoded data cannot be measured without changing the values of these properties (location and momentum). Any attempt to copy or access the data will also change the data, alerting authorized parties that an attack occurred.

Quantum cryptography: depends on quantum mechanics to protect data. Quantum-encoded data cannot be measured without changing the values of these properties (location and momentum). Any attempt to copy or access the data will also change the data, alerting authorized parties that an attack occurred.

How can encryption help your company?

Cybersecurity strategies need to incorporate data encryption, especially as more businesses take up cloud computing. There are multiple ways that encryption can support company operations.

Email encryption: since email is fundamental in organization-wide communication and business operations, bad actors target it for attack or inadvertent disclosures. Industries such as financial services or healthcare are highly regulated but enforcement can be hard, especially with email where end-users often resist change to standard operating procedure. It is possible to augment operating systems and common email clients with encryption software so that sending an encrypted email is as easy as sending one unencrypted.

Big data: continuous data protection for privacy compliance, secure cloud analytics, encryption and tokenization tech for cloud transfers, encryption can streamline multi-cloud operations by centralizing data-centric protection. Whenever sensitive data traverses multi-cloud environments, it will be encrypted by these technologies.

Payment security: merchants, payment processors, and enterprises alike have big challenges securing high-value sensitive data e.g. payment cardholder data so that they can comply with PCI DSS (Payment Card Industry Data Security Standard) and data privacy laws. However, encryption software can protect retail POS, web, and mobile ecommerce transactions.

In addition to the above services and protections offered by encryption, it provides confidentiality (encoding a message’s content), authentication (verifies a message’s origin), nonrepudiation (prevents credible denial of an encrypted message’s dispatch), and integrity (proves message contents are untampered).

Are there disadvantages to encryption?

Encryption is designed to lock unauthorized entities out of comprehending ill-acquired data. However, in some situations it can also lock out the data owner. Key management is tricky for enterprises because they need to live somewhere and attackers are often savvy about looking for them. Key management adds additional complexity to backup and restoration, as in the event of disaster, key retrieval and addition to backup servers is time-consuming. Admins must have a plan for key management system protection e.g. a separate backup that is easy to retrieve if a large-scale disaster occurs.

Software exists to streamline key management, such as key wrapping. This encrypts an organization’s encryption keys, individually or in bulk. They can be unwrapped when needed, usually with symmetric encryption.

While brute force attacks can be ineffective against high-bit keys, vulnerabilities do exist. Many attempts focus on gaining unauthorized access to keys via social engineering methods. That is to say, attacking not the system but the humans that maintain and interact with it. Phishing, malware, BadUSB attacks: there are many methods by which hackers can circumvent the security measures put in place to shield networks from external attacks by exploiting the fallibility of humans.

Software-based encryption is also considered to be less secure than hardware-based encryption. Software-based encryption is called 'removable encryption' by some, as it can potentially be circumvented by bad actors making physical attacks. Hardware-based encryption is often thought to be more secure, as it includes physical defenses to prevent tampering.

#KingstonIsWithYou #KingstonIronKey

Kingston IronKey Vault Privacy 80 External SSD
XTS-AES 256-bit encryption

USB 3.2 Gen 1

960GB, 1920GB, 3840GB, 7680GB

Up to 250MB/s read, 250MB/s write
Learn more Buy
Kingston IronKey D500S Hardware-encrypted USB Flash Drive
Military-grade FIPS 140-3 Level 3 (Pending) security

XTS-AES 256-bit hardware encryption

Available in a Managed model

USB 3.2 Gen 1

8GB, 16GB, 32GB, 64GB, 128GB, 256GB, 512GB

Up to 310MB/s read, 250MB/s write
Learn more Buy
Kingston IronKey Keypad 200 Series USB Flash Drive
Military-grade FIPS 140-3 Level 3 (Pending) security

XTS-AES 256-bit hardware encryption

Available in Type-A and Type-C USB

Device/OS Independent

8GB, 16GB, 32GB, 64GB, 128GB, 256GB, 512GB

Up to 280MB/s read, 200MB/s write
Learn more Buy
Kingston IronKey Vault Privacy 50 Series
Enterprise-grade Security

XTS-AES 256-bit hardware encryption

Available in Type-A and Type-C USB

USB 3.2 Gen 1

8GB, 16GB, 32GB, 64GB, 128GB, 256GB, 512GB

Up to 310MB/s read, 250MB/s write
Learn more Buy
Kingston IronKey Locker+ 50 USB Flash Drive
Consumer-grade security

XTS-AES hardware-encryption

Automatic personal cloud backup

USB 3.2 Gen 1

16GB, 32GB, 64GB, 128GB, 256GB

Up to 145MB/s read, 115MB/s write
Learn more Buy
Kingston IronKey S1000 Encrypted USB Flash Drive
On-device cryptochip

USB 3.1 Gen 1 (USB 3.0)

4GB, 8GB, 16GB, 32GB, 64GB, 128GB

Up to 230MB/s read, 240MB/s write

Complex password or passphrase security
Learn more Buy

- Data Security
- Encrypted USB
What is the difference between software and hardware-based encryption?

Our infographic showcases the differences between software and hardware-based encryption.
How to Securely Password Protect Files and Drives

Hardware, not software-based password protection, is the best way to protect files and drives.
2024: Technology Experts' Predictions

2023 has been a year full of challenges and innovations. But what will 2024 bring?
- Data Security
- Encrypted USB
How to Protect Your SMB from Ransomware

Learn about two methods that give SMBs superior resilience vs. ransomware: encryption & backups.
How to Allow USB Drive Access Without Compromising Endpoint Security

In this whitepaper, we explain how to enforce a DLP strategy, while allowing USB drive use.
Enterprise-Grade versus Military-Grade Security: What’s the Difference?

Enterprise-grade and military-grade digital security: two high standards with different requirements.
IP Ratings for a Product’s Resistance to Water, Dust, and More Explained

We explain the meaning behind IP (ingress protection) ratings for water and dust resistance.
A Secure Cloud In Your Pocket: Hardware-Encrypted Drives for Traveling Lawyers

Learn how hardware encryption can protect a travelling lawyer’s confidentiality with secure file storage.
The Benefits of Penetration Testing for Hardware-Encrypted Drives

How is pen testing ensuring Kingston IronKey USB drives lead the way in trusted data security?
25% Rise in Lost Devices Reveals a Data Security Threat for Commuters

Hardware-encrypted Kingston IronKey drives protects organizations’ data on the move.
Bring Your Own Device: Security Measures for Personal Devices in the Workplace

Bring Your Own Device (BYOD) policy is tricky for employers. How to balance security & convenience?
What is Data Loss Prevention (DLP)?

DLP offers tools for network admins to protect sensitive data from cybercrime and negligence.
The Hard Truth of Proper Security for Healthcare Data

A look at how the requirement of data encryption can be key to any organization's security strategy.
- Encrypted USB
- Data Security
Staying Secure When Remote or Traveling

How can we bolster network security with remote working and international travel so common now?
Encrypted USB Flash Drives: Cheaper Than Attorney Fees

Invest in encrypted drives so that if they are lost or stolen you are not on the hook for legal fees which can be more expensive.
Why Is Kingston IronKey Trusted by National Cybersecurity Organizations?

Discover why national security agencies trust Kingston IronKey to protect their data.
Hybrid Working Environments Will Mean Increased Data Vulnerability

A company’s IT specialists should be expected to add data security to the PCs of remote workers.
What You Need to Know When Building Your Data Loss Prevention Strategy

Kingston’s three key practices for a robust DLP for businesses handling sensitive data.
Using an Encrypted USB Flash Drive with an iPhone or iPad

You can read and write to an encrypted USB flash drive with an iPad or iPhone with the right adaptor. Here’s how.
Safeguard Your Law Firm’s Sensitive Data with Hardware-Encrypted Drives, not Software

Learn why hardware encryption beats software encryption for law firm data protection.
- Encrypted USB
- Data Security
The Benefits of Passphrases

Passphrases are superior to complex passwords for keeping data secure, with many powerful benefits.
- Data Security
- Encrypted USB
What is Data Security Software?

A brief explaining the purpose and types of data security software available.
- Data Security
- Encrypted USB
Secure Data in Transit

HIPAA requires healthcare organizations to always keep patient data safe, including in transit.
NYDFS 23 NYCRR 500 Cybersecurity Requirements

This requires encryption of sensitive data, appointing a Security Officer, cyber security programs and policy adoption.
Security for All Sizes – Proactive Protection from SME to Enterprise!

Kingston IronKey encrypted USBs are a security consideration for organizations of all sizes.
USB Storage: Does Hardware Encryption Prevent Risks?

We compare unencrypted and encrypted USB drives and explain how to keep data secure!
How an Energy Specialist Protected Their Partner's IP with Kingston IronKey

Learn how Kingston IronKey is protecting the intellectual property with customization.
How Does Kingston IronKey Protect Global Financial Services?

Discover why Kingston IronKey is the go-to solution for protecting financial services data.
Why Does the Military Rely On Kingston IronKey?

Learn how Kingston IronKey is securing the military operations’ data.
Using and Promoting Encrypted USB Flash Drives in Your Organization

How can you get your organization to use encrypted drives and make them part of your security policy? Here are some tips.
Prevent Telecoms Data Leaks in the Field with Kingston IronKey

Learn how Kingston IronKey is protecting the telecoms industry's data using encryption.
Encrypted Storage for Creatives

Encryption is an incredibly helpful option for creatives to protect their clients’ important files.
How Kingston IronKey Can Be a Strategic Performer

Kingston IronKey encrypted USBs: a small but important part of any organization’s security strategy.
Post-Pandemic Commuters are 22% More Likely to Lose their Devices

Kingston IronKey can help mitigate data loss resulting from the rise in lost electronic devices.
Why Are USB Drives Still Relevant Today?

In this eBook, we explore how encrypted USB drives have become a key tool in keeping data secure.
Setting Up Kingston IronKey^™ Vault Privacy 80 External SSD

How to use your IronKey Vault Privacy 80 External SSD: set password, connecting to a PC and more.
Protect Private Mobile Data in Healthcare

Organizations are considering data security options to protect against private mobile data breaches.
Finance Industry: Keeping Sensitive Data Safe with Kingston IronKey

Discover how Kingston IronKey is protecting the sensitive data of the finance sector.
Protecting Critical Data in The Energy Sector with Kingston IronKey Encrypted Drives

Here is how Kingston IronKey helped protect the sensitive data of the Energy industry.
Cybersecurity – How to Stay Ahead in 2022

We explore our KingstonCognate experts’ thoughts on cyberthreats and cybersecurity challenges.
Software Encryption and Regulatory Compliance: Less Expensive Solution with Major Security Risks

Software based encryption can be disabled by the user. This can lead to fines and legal fees if the drive is lost.
How to Stay Secure in a Digitized World

We explore Tomasz Surdyk's thoughts on how all entities can stay secure in the digitized world.
FBI Warns Hackers are Mailing Malware on USB Drives to their Targets

Don’t plug any USB drives into your computer if you don’t know exactly where they came from.
Transporting and Protecting Data Outside Your Firewall

Protection data on the move with superior hardware-based Advanced Encryption Standard (AES) 256.
- Data Security
- Work from Home
- Client
- Cloud
- SSD
- Encrypted USB
What Businesses Need in their Work-from-Home Enablement

What we learned from Kingston’s experts and tech influencers on work-from-home enablement Twitter chat.
Is Encrypted Storage Needed If You Use the Cloud?

There are benefits to using both cloud storage and hardware-based encryption.
Top 12 Tips SMEs Can Take to Enhance Cybersecurity

We explore the top 12 tips small and medium size enterprises can take to enhance cybersecurity.
Kingston’s 3 Predictions for the Data Center and Enterprise IT in 2022

We’ve examined several factors using unique research to identify what may impact markets globally in 2022.
2022: Technology Expert Predictions

2021 has been a year full of challenges and innovations. But what will 2022 bring?
How to Close the Security Gap for Small and Medium-Size Enterprises

Prof. Sally Eaves shares her thoughts on the SME cybersecurity landscape and the need for education & support.
Sustained Commitment Required for Cybersecurity

Bill Mew shares his thoughts how the largest security challenges need commitment from the boardroom.
21st Century Private Diary

Write your diary digitally with a password protected, cloud backup solution.
Data Loss Prevention in Our Remote Working World

The use of DLP software, VPNs, encrypted SSDs, and USBs will help mitigate some risks of remote working.
What is the difference between hardware vs software-based encryption for secure USB flash drives? - Kingston Technology

There are many advantages to using a dedicated hardware encryption processor in USB flash drives.
Influencer Tech Insights for 2021

What will 2021 bring in tech and trends? What do our KingstonCognate members and industry experts predict for the future?
Who Is Responsible for Cyber Security and Privacy?

Cyber security and data privacy are everyone’s responsibility. What are the key considerations?
Optimal Endpoint Security Explained and Explored in Partnership with Matrix42

Kingston & Matrix42 partnered to give optimal endpoint security solution in multiple sectors to mitigate risks.
7 Easy Tips to Increase Productivity While Working from Home

Having a dedicated workspace, setting priorities, and eliminating distractions are just a few ways to increase productivity from home.
C-Suites Need to Stop Taking Unnecessary Risks

Organizations must consider revenue, profit, and risk equally in order to mitigate data security & cyber security risks. In this article, industry expert Bill Mew provides an insight into this topic.
Twitter Chat: Security Experts and Privacy Discuss GDPR in 2020

What do industry experts think has changed since the introduction of GDPR?
Work From Home Tips and Tricks

To work from home you need a good workspace for your PC, the right conferencing gear, and a secure connection.
Data Protection and Cyber Security in a Post-GDPR Landscape - Kingston Technology

What strategies can organizations use to best secure customer data in a post-GDPR world with the ever-evolving nature of cyber security threats? Kingston pooled the knowledge of some of the UK’s most experienced commentators in cyber security to discuss how data protection has changed since the introduction of GDPR.
Understanding The Security Challenges of a Mobile Workforce

You already know that remote working is a business enabler. But the challenges posed to your network security and compliance with GDPR are too big to ignore.
Protecting and Securing your Network, Data, Computers and Company

The recent WannaCry ransomware made global headlines infecting and alerting everyone from government, healthcare, communication providers, automotive companies to corporations and the general public of their vulnerabilities.
Kingston / Ironkey Encrypted USB - Advantage Over BitLocker

Overall, Kingston / IronKey Encrypted USB Drives prove to be the best solution in reliability, compatibility and security for portable data protection solutions.
Major Recent Example of an Unencrypted USB breach

Case in point, Heathrow Airport in London (October 30, 2017) uses Unencrypted USB Drives for its non-cloud storage. Unfortunately, they were not standardized on Encrypted USB drives. Their lack of implementing proper standards in data security / data loss protection with encrypted USB storage has now cost the EU a major breach of confidential and restricted information.
Linus introduces the DataTraveler 3.0

Linus breaks down hardware encryption making sure your files are safe and secure, especially when you're on the go. Make sure your portable storage is also safe and encrypted with Kingston Encrypted USB drives.