Data security is a necessity for modern businesses, and encryption is one of the more common ways to protect sensitive information. But what kind of encryption is right for your business?
Advanced Encryption Standard (AES) is an encryption strategy developed for the US government in 1997, but it is available for any business that needs high-level security measures.
Why Did AES Replace DES?
AES was implemented in 2000 as a replacement for what’s known as the Data Encryption Standard (DES). At the time, DES was the most widely used encryption method, but as technology (and by association, cyberattack strength) advanced, DES quickly became outdated.
Both AES and DES are block ciphers, meaning they encrypt chunks of data rather than individual characters. This method ensures that identical text is encrypted differently each time it appears. That variance adds an extra level of protection for hackers who may find their way into a portion of your data.
Block ciphers use symmetric keys to encrypt and decrypt data. Symmetric means that both the sender and recipient must have the same private encryption key to package and view the data.
If the wrong key is used, the information remains a jumbled mass of nonsensical characters. Once the correct key is applied, the information becomes legible once again.
DES used a 64-bit block cipher, with a 56-bit key, so each plaintext block of 64 bits is encrypted as a single entity. (Bits are binary digits, or the zeros and ones that are used in computer programming languages). The encryption process goes through several rounds of changes to produce a heavily modified and unrecognizable version of the original, or plaintext, data.
Although the US government quickly adopted DES in the 1970s to protect its most sensitive information, over time, testing proved that technology had advanced beyond the protection capabilities of DES.
In the late 1990s, three tests were conducted where participants attempted to decrypt blocks of information without the key. The breach was successful each time, with the first test taking 84 days to complete, the second taking roughly a month, and the third taking less than one day. Today, it would take just 362 seconds.
One of the main takeaways from these tests was that the DES key size was too small. A longer key would make it more difficult for malicious parties to break the code and decrypt the data.
After weighing the advantages and disadvantages of several potential replacement systems via a public contest, AES encryption was selected as the new standard for government data security.
Why Is AES the Preferred Data Protection Method?
Block size and key length are among the many reasons for implementing AES. For example, while DES uses 64-bit blocks, AES encrypts data in 128-bit blocks. AES also handles this encryption at the byte level rather than bit level.
A byte is eight bits, so this results in faster encryption and decryption times when the proper key is applied.
Another strength of AES is its variable key length. The symmetric keys can be 128, 192, or 296 bits. The longer the key, the more difficult it is to hack.
Brute force attacks are when a malicious party attempts to obtain the key via trial and error. This is the only way to break AES encryption. A 256-bit key boasts 2256 possible combinations, making it nearly impossible to crack.
Once a key has been selected, it goes through the appropriate number of encryption rounds, where changes and substitutions are applied to the text. AES 128 uses 10 rounds, AES 192 uses 12 rounds, and AES 256 uses 14 rounds.
Each round of encryption involves steps such as substituting bytes, shifting rows, and adding keys. The more rounds a block of text goes through, the more difficult it is to decode without the proper key.
Of course, there is a tradeoff between the level of security and the amount of bandwidth required to support and process the encryption.
For example, 256-bit encryption will be a longer and more resource-intensive process than 128-bit, but the increased security and virtually impossible-to-crack key make it a highly preferred method of securing data.
Is AES Encryption the Right Choice for Your Company?
AES was developed to provide the highest level of security for the most sensitive data. The National Security Agency (NSA) and other agencies selected this method as the US government’s security standard due to its extensive, impenetrable protection. AES is also used across many other government agencies and industries.
Healthcare companies benefit from AES by encrypting their extensive databases of patient files, including medical history and personal information. The National Institute of Standards and Technology (NIST) recommends using AES to meet Health Insurance Portability and Accountability Act (HIPAA) regulations.
Banks and other financial institutions rely on AES encryption to protect their customers’ personal and transactional information.
Insurance companies such as Aetna use AES to mitigate risk exposure in specific devices that are used to access customer information.
Even if your business doesn’t fall under the umbrellas of government, healthcare, or finance, you can still employ the same level of security. Any precious information should be stored as safely as possible, and it might surprise you to know how many industries outside of the government have already adopted AES.
In fact, as of 2021, AES is the world’s most popular data protection method.
Wi-Fi networks, Google Cloud, Facebook Messenger, Java programming, and many password managers use AES encryption to protect sensitive data.
This wide variety of applications shows that you can adapt AES for nearly any environment, and it’s secure enough for even the most sensitive data.
How WinZip Enterprise Uses AES to Keep Your Data Safe
WinZip® Enterprise uses AES encryption and supports both 128-bit and 256-bit encryption keys, so your company’s level of data protection can be customized based on your specific needs.
This encryption can be combined with customizable password security requirements (e.g., letters, numbers, special characters, and capitalization) to make unauthorized decryption virtually impossible.
AES encryption in WinZip Enterprise is also Federal Information Processing Standards (FIPS) 140-2 compliant, meaning it meets standards created to guide government agencies and associated contractors and vendors in data protection.
Like AES, these guidelines were initially intended for government use, but have since been extended for application in everyday situations for any business that has sensitive data to protect.
Although the encryption process itself is complex, WinZip Enterprise makes it easy for users to operate. Just select the encryption level you prefer, set a password, and you’re done. With the solution’s lightning-fast processors, less time is needed to securely encrypt large amounts of your most precious data.