In our first post of this 6-part series about Security-of-Security, we suggested that you think about the importance of the data in your physical security system, specifically about the kind of information it contains and what that information allows people to do. In this week's post, we're going to look at what you can do to keep your data out of the hands of unauthorized users.
As you know, when we talk about the Security-of-Security, we're talking about securing all aspects of your physical security system-including communications, servers, and data. You should be able to keep your entire system safe from cyber-threats and attacks as well as illegal or unauthorized access. Business solutions have three tools at their disposal to ensure complete security - encryption, authentication, and authorization.
Your First Tool: Encryption
Encryption is the process through which data is encoded so that it remains hidden from or inaccessible to unauthorized users. It helps protect private information, sensitive data, and can enhance the security of communication between client apps and servers. In essence, when your data is encrypted, even if an unauthorized person or entity gains access to it, they will not be able to read it.
The process itself is fairly straightforward. To encrypt data, an encryption key uses an encryption algorithm to translate (encode) plaintext or readable data into unreadable data or ciphertext. Only the corresponding decryption key can decode the scrambled ciphertext back into readable plaintext. How the encryption is done and what type of encryption is used gets much more complex.
There are two types of encryption algorithms: symmetric and asymmetric. With a symmetric algorithm, both encryption and decryption keys are the same, so the same key must be used to enable secure communication. Symmetric algorithm encryptions are commonly used for bulk data encryption and are fast and easily implemented by hardware. The downside is that anyone with that decryption key can decrypt your data even if it is not intended for them.
In asymmetric algorithm encryption, two separate but mathematically linked encryption keys are used. A public key is used to encrypt the data and can be distributed while the private key is used to decrypt the data and, therefore, is kept private. The reverse also works; a private key can be used to encrypt data while decryption is handled by a linked public key.
Through the use of a private key, asymmetric encryption eliminates the preliminary exchange of secret keys, allows for public keys to be shared with anyone, and provides an underlying architecture for digital certificates, digital signatures, and a Public Key Infrastructure (PKI). The disadvantages are that it is slower than symmetric algorithm encryption and that it requires greater computation power.
In upcoming posts, we'll look at the other key tools at your disposal to keep your system safe. These include authentication and authorization. The next blog in the series will focus on authentication, the process of determining if an entity-user, server, or client app-is who it claims to be.