Most modern encryption systems are key based. To keep data usable only to those with permission to access it, an encryption key uses an algorithm to encode readable data into unreadable data. When a credentialed person or machine is ready to access that data, a decryption key is used to make it readable again.
Key-based encryption methods may be adequate today, but they have a number of weaknesses that will make them less effective as threats to data security grow more numerous and sophisticated. Those challenges include:
- When an encryption key is lost—the data it’s been used to encrypt is effectively lost as well.
- Key-encrypted data must be decrypted while it’s in use, leaving it less secure any time it’s being worked with.
- While key-encrypted data is currently practically impossible to decode without the right decryption key, emerging technologies will likely make it easier for determined adversaries to crack.
As cyber adversaries become more sophisticated and enterprise mobility, cloud, and Internet of Things technologies are more broadly and thoroughly embraced by federal agencies, more powerful encryption methods will be necessary. Organizations will need to prepare for the adoption of superior emerging encryption technologies as they become available for practical use.