How to encrypt files in the cloud

Online data privacy has long been a common topic of discussion in fields that deal with information technology (IT). As data continues its comprehensive transition from analog to digital, it opens up the door to many conveniences and some incredible benefits. But it also makes companies more vulnerable to the risk of cybercrime. 

Online data and cybercrime are always going to be closely related topics. The good news is that tools exist for you to keep your company's data secure. Keep unwanted eyes from your sensitive data using the power of cloud storage encryption (CSP). While this method is not guaranteed to protect your data against every threat, it's a valuable risk-mitigation technique for companies with cloud data.

Where should data be encrypted? - Data in transit, data at rest

What is cloud encryption?

Cloud encryption is a form of file encryption that combines file privacy with the capabilities of cloud technology. Specifically, it's the process of transforming or encoding any type of data before it enters cloud storage. Encrypted data can be a file, a text document, an image, or even a code.

The point is to stop malicious or unauthorized users from accessing this data. Cloud data encryption is a crucial means for ensuring data is safe from being stolen, breached, or read by an unauthorized person with malicious motivation. 

Cloud storage providers use file encryption tools to ensure secure file sharing for authorized users. They do this by transforming data into an unreadable form and providing authorized users with encryption keys. Users decrypt the data they want to access with the encryption keys, successfully returning the data to a readable, usable form.

Which files do you need to encrypt? Encrypted data exists in one of the following two states:

1. Data in transit

This is data that a user is transmitting from one place to another. You can describe it as data that is “in motion.”

It's important to understand that this form of data encompasses more than a simple file transfer between two parties. Moving data through the cloud puts it in contact with multiple parties, which is one reason encryption is so critical for data in transit.

2. Data at rest

Data at rest exists in a saved state. This means neither software nor human users  are using the data or transferring it to another party. Data at rest can exist in system folders, database servers, flash drives, local hard drives, mobile devices, or any other type of storage system. 

Cloud encryption protects data that's either in transit or at rest within any cloud-based application

How does encryption work in the cloud?

Cloud encryption uses advanced algorithms to encode data. The encoded data appears meaningless to anyone who lacks the encryption key. Authorized users who hold the key can easily make the encrypted data readable again.

However, these keys only exist after being generated in-house or by a trusted cloud encryption provider. Once authorized individuals or groups have these keys, they can access the data through the cloud from anywhere with an adequate internet connection.

The purpose of cloud storage encryption is to protect the data that's either in transit or at rest within any cloud-based application. Encrypting data at rest makes the content useless to users even if it's stolen, lost, or accidentally shared with the wrong person. Even after a mistaken share, the recipient would lack the proper keycode and be unable to use the content, keeping the data protected.

Encrypting data in transit adds a security sockets layer (SSL) to the moving files. If an unauthorized user intercepts the moving data, it'll appear useless to them. The SSL also encrypts session activity, which makes it virtually impossible for someone without the encryption key code to view your session details.

It's important to know how to encrypt cloud storage files to protect your valuable data. Here are two encryption algorithms used for data stored, shared, or being used in the cloud:

1. Symmetric encryption

In symmetric encryption algorithms, both the decryption and the encryption keys are the same. People use symmetric encryption to protect bulk data. This allows fast encryption and decryption, but it's a bit less secure than asymmetric encryption because anyone with the encryption key can access and read the data.

2. Asymmetric encryption

An asymmetric encryption algorithm uses two keys to encode and decode the data in the cloud. One of these keys is public, and the other is a private authentication token. The keys are linked, but each serves a different purpose.

A group of authorized individuals may have the public encryption key, but each individual person has their own authentication token needed to access the data.

The types of keys used depend on whether encryption is symmetric or asymmetric

What is an encryption key?

If encryption is a form of data security that changes programs, data, images, and other digital information to an unreadable state, an encryption key is the way authorized users return the data to a readable state.

Without the encryption key, the data remains unreadable. The algorithm used determines the keys needed to access the data. Symmetric encryption only requires one key, while asymmetric encryption requires a public key and a personal key. 

At its most basic, an encryption key is a string of bits arranged randomly. These bits exist for the sole purpose of encrypting and decrypting the data stored in the cloud. The algorithms used to design encryption keys ensure each key is unique and unpredictable to unauthorized third parties.

In most cases, the cloud service provider is the one encrypting data and generating encryption keys for the customer to use

Who has the encryption keys?

The question of how to encrypt a file finds its answer in who owns the encryption keys. In most cases, the cloud service provider (CSP) is the one encrypting data and generating encryption keys for the customer to use. That said, this scenario may be less advantageous than generating and owning your encryption keys.

Often, CSPs maintain control over the encryption keys used by their customers, but customers must have the ability to safely and easily view, index, and use the data they're storing on the cloud across authorized parties. This can get complicated, so many CSPs control the encryption keys to allow complex team sharing and use of the encrypted data.

It's one thing to encrypt the data on the cloud. It's another thing to make sure the data stays safe once several parties need access to the data so they can use it for their company-wide purposes. That's why many CSPs keep a tight grip on the encryption keys.

But what happens if an insider targets the data on their systems? What happens if the cloud provider itself experiences a damaging cyber attack?

If you want to have more personalized control over your data's protection, you need to partner with a CSP that gives you complete control over your encryption keys. When you control your keys, you obtain insight into how your teams are using them. This capability lets you react to suspicious activity to further protect your data.

Benefits of file encryption: enhanced security, regulation compliance, data integrity, reduced risks

Why should you encrypt your files?

Your organization should do everything it can to protect your essential data. File encryption is one of the best defenses available for achieving this goal. Securing sensitive information like everyday data and intellectual property is crucial to your operations.

More than that, your business likely handles a fair amount of customer data. You owe it to your customers to encrypt your files, too. They want their information kept away from unwanted third parties, and it's your job to make that happen.

There are also several other reasons to encrypt your files. To better understand the importance of this wise business practice, here are four additional benefits of file encryption. Through these, you'll see that file encryption is more than an added service — it's crucial to your business's well-being:

1. Enhanced security

Security is the main concern for any company dealing with sensitive data. This is especially true when storing, transporting, or using data in the cloud. That's why enhanced security is the first and most foundational benefit of file encryption. Encryption services offer protection from top to bottom for your sensitive information, which includes your customers' data.

2. Regulatory compliance

In some instances, protecting your customers' private data is a requirement by law. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Federal Information Processing Standards (FIPS) are two examples of regulations requiring businesses within certain industries to encrypt their customers' data. When you encrypt your files, you do more than keeping your customers' information safe — you obey the law. 

3. Data integrity

Encryption enables you to protect the integrity of your data. When you encrypt your data and control the keys, you'll easily see if any malicious players are interfering with your files.

Encryption may be unable to stop every act of cybercrime, but it gives you the best fighting chance to react. You'll take measures to stop cybercrime in its tracks, which is crucial when using your data in the cloud.

4. Reduced risks

Every business wants to minimize risks. Often, financial risks are the ones everyone talks about, but data risks can be even more important. This is especially true when you consider that customer data security can directly influence your company's financial gains and reputation.

For example, when you encrypt your data, you may be exempt from having to disclose a data breach. This reduces the risk of lawsuits, reputational harm, or other consequences that may be associated with security events.

Encryption made simple

Several methods of encryption exist. Every company is different, so your decision may come down to the type of experience you want when it comes to encrypting your files. Whether you want a simple, turnkey solution or one that's a bit more complex is up to you.

First, let's look at encryption made easy — using the built-in encryption tools of your CSP. When you want a turnkey solution for cloud encryption, this could be the option for you.

Here's a look at the pros and cons of this type of cloud encryption:

Pros of built-in encryption tools: ease of use, instant results, comprehensive solutions, simple collaboration

Pros of built-in encryption tools

Cloud storage encryption companies have dedicated tools that encrypt your files for you or give you easy-to-use functions so you have complete control. Here are some of the reasons why this could be the right choice for your business:

  • Ease of use: If your business lacks the resources to encrypt data in-house, then the ease of using your cloud provider's encryption services makes protecting your data a whole lot easier
  • Instant results: Some cloud services automatically encrypt your files so you can enjoy data protection right away 
  • Comprehensive solutions: Managing several different software services to encrypt your files can be difficult, but using a CSP's built-in tools puts everything you need in one central location 
  • Simple collaboration: All your teams need to access and share files across departments and locations is the account password and an encryption key, if necessary

Using a cloud service provider's built-in file encryption can mean extra costs and less control

Cons of built-in encryption tools

It's important to consider the cons any time you make a decision about your company's data security. Here are some other factors to keep in mind regarding a CSP's built-in file encryption tool:

  • Financial costs: You may have to pay extra money to enjoy the convenient, built-in encryption from your cloud storage provider, so account for this in your budgeting
  • Less control: Many CSPs store encryption keys internally, which means the keys are out of your control in the event of a data breach

The ease of built-in encryption services makes many cloud storage providers appealing, albeit at the expense of in-house control over encryption keys. The good news is that some cloud providers give their customers control over their own encryption keys, combining the best of both worlds.

Manaul encryption can be more complex, but this type of encryption offers a customized experience for your needs

Encryption made complex

As you enter the world of file encryption, you'll soon discover that many options exist. With these various, more complex options, you can create a customized experience for your encryption needs. This may interest you if you want more control over how your files are encrypted. In some instances, you may want more control than the encryption offered by a cloud service's built-in tools.

For more complex encryption, turn to manual encryption software. These solutions exist for specific encryption purposes. Your in-house data protection team can use this software to create your company's unique encryption protocol. Still, you must consider all sides of this scenario, as there are positives and concerns. 

Pros of manual encryption software

Despite being more complex than the built-in encryption solutions mentioned above, there are several benefits to using manual encryption software for your business. Here are a few of the most notable pros:

  • Flexible encrypting: Most manual encryption applications let you encrypt an array of file types from diverse programs, giving you freedom over the types of files you can encrypt
  • Mass encryption: Many of these applications let you encrypt multiple files at once, making mass file encryption easy and intuitive
  • Multiple levels of encryption: Some manual encryption programs let you set an encryption level to achieve the amount of security that works for your business needs 

Cons of manual encryption software

Manual encryption software may be a good option for companies who want more control over their encrypted data. However, this control comes at an expense. Before you set up encryption software with your internal team, consider the following potential negatives of in-house cloud storage encryption:

  • Possible compatibility issues: Sharing encrypted files can be difficult or even impossible, as the other party may need the same encryption software to access the files
  • Extra expenses: Some encryption software is free to use, but using it for business purposes may require an expensive commercial license to access all features
  • A tedious encryption process: If you already have data in the cloud, you may need to move it out of the cloud to encrypt it, then reupload the encrypted files
  • Difficulty finding the right software: Keep in mind that many encryption programs exist on the market, so it could be a challenge to find the one that's right for your business

Discover the power of the Content Cloud

With a single secure platform for all your content, Box enables you to manage the entire content lifecycle: file creation, co-editing, sharing, e-signature, classification, retention, and so much more. We make it easy for you to collaborate on content with anyone, both inside and outside your organization. Frictionless, enterprise-grade security and compliance are built into our DNA, so you get total peace of mind that your content is protected. And with 1,500+ seamless integrations — as well as a range of native capabilities, like Box Sign — the Content Cloud provides a single content layer that ensures your teams can work the way they want.

The Content Cloud is a game changer for the entire organization, streamlining workflows and boosting productivity across every team. Contact us today, and explore what you can do with Box.

See how Box helps you secure content across your business

**While we maintain our steadfast commitment to offering products and services with best-in-class privacy, security, and compliance, the information provided in this blogpost is not intended to constitute legal advice. We strongly encourage prospective and current customers to perform their own due diligence when assessing compliance with applicable laws.

Free 14-day trial.
No risk.

Box free trial includes native e‑signatures, let's you securely manage, share and access your content from anywhere.

Try for free