What is file encryption?

Your company works with files every day, so you need proven ways to keep your data secure from prying eyes. Cybercrime affects about 32% of companies every year and exacts a global cost of up to $6 trillion annually. To combat this risk, you need powerful security features that integrate well with your existing platforms and fit into your company budget.

File encryption is one of the most effective security solutions. Combined with advanced security controls, it gives your business comprehensive data protection. But what is an encrypted file, and how does file encryption work to keep your files private? This guide explores this topic and explains how the Box Content Cloud can help. 

What does it mean to encrypt a file?

File encryption is a way of encoding files, including the sensitive data they contain, in order to send them securely. The encoding prevents unauthorized access and tampering by malicious actors. It keeps a file from being read by anyone except the person or people for whom it was intended.

For instance, if you work in life sciences, you may need dependable ways to keep revolutionary new designs or breakthrough drug patents from falling into competitors' hands. Or perhaps you work in media and need reliable ways to keep the hottest new screenplay under wraps so no one can leak spoilers. Maybe you work in law, finance, or other professional sectors where your clients trust you to keep their personal information confidential and secure. 

File encryption offers a practical solution. It allows you to render your sensitive data unreadable to all but the authorized recipients.

How does file encryption work?

File encryption works by using encoding algorithms to scramble the data so it becomes unreadable

File encryption works through the use of complex algorithms. An encrypted file is one that has had an encoding algorithm applied to it to scramble the data. The file becomes unreadable once scrambled, but the effect is only temporary. The encrypted data comes with a key the sender provides. This key usually takes the form of a password or passphrase, such as a string of alphanumeric digits, which enables decryption.

Only individuals authorized to access the data receive the decryption key. Once the authorized recipient enters the correct password or passphrase, the file becomes readable again. Most operating systems and file systems have support for file encryption built in. The system safely stores sensitive files, and the decryption key provides access to them.

File encryption is particularly helpful if you need to send files over the internet or on a portable device such as a USB drive. It protects the files during transit, where they would otherwise be most vulnerable. 

How do files get encrypted?

Encryption generally takes place through the use of keys. The art of encrypting and decrypting sensitive data with keys is known as cryptography. It takes two main forms — symmetric and asymmetric cryptography.

Asymmetric or public-key cryptography is popular among many companies. These encryption systems use both a public key and a private key. Anyone with the public key can use it to encrypt files. However, only users with the private key can decrypt the files, so the files remain safe from unauthorized access.

Symmetric encryption uses a single private key for encryption and decryption. The two parties exchanging information through symmetric encryption must exchange keys to decrypt the encoded files. Symmetric encryption is generally faster and more efficient than asymmetric encryption. Organizations usually use this method when they need to encrypt information in bulk — such as an entire database. 

However, symmetric encryption has the disadvantage of diminished security efficacy. This term means that keeping the key secret is often more challenging. For example, if encryption and decryption occur in different locations, the private key must move between the two places, potentially becoming vulnerable to attack in the process.

Encryption generally occurs through programs designed to encode the data in specific ways. Some encryption standards are most common in specific industries. Others are compatible only with particular types of databases. The encryption's effectiveness depends on a few different factors, such as the suitability of the encryption system, the algorithm strength, and the length of the key.

Let's take a closer look at a few popular encryption methods: 


PGP encryption requires purchasing an expensive software license, and international use is complex

PGP stands for "pretty good privacy." The American computer scientist Phil Zimmermann developed PGP encryption in the early '90s to enable secure communications. Today, PGP has evolved into the most widely used encryption and decryption method for email and text messages worldwide. Encryption takes place with a random and public key, and only a private key can decrypt the encoded files.

However, since the software company Symantec currently holds the patent for PGP,  it requires expensive licensing and is especially difficult to use internationally. For this reason, many platforms turn to alternative solutions for file encryption.

Open PGP

Open PGP is an open alternative to PGP, as its name suggests. . Phil Zimmermann, the developer of PGP, released the source code for PGP. Any party can use that source code to create a new encryption program based on Open PGP encryption. 

It works in the same way, using a key-based encryption system to encrypt files before they get uploaded or transferred. The intended file recipient has a public key and shares that key with the file sender. The sender uses that key to encrypt the files. When the recipient gets the files, they use a private key to decrypt them. 

Open PGP is standard in email encryption, and it’s also useful for securing platforms such as File Transfer Protocol (FTP) sites. It’s common for use with Secure Shell (SSH) or Secure Sockets Layer (SSL) connections. Using the combination of different keys helps you safeguard your data, preserving its privacy and integrity.

Zip with AES

An AES key regularly contains at least 128 bits

Zip with AES lets you compress and encrypt files. It uses Advanced Encryption Standard (AES) encryption with Zip and GZip standards — two of the main standards for HTTP file compression. Zip came from MS-DOS and is popular on Windows systems, while GZip is more suitable for Unix-based systems, especially Linux.

AES encryption is a particular specification for electronic data encryption. A pair of Belgian cryptographers developed it in the 1990s, and this encryption method, formerly known as Rijndael, has been securing files ever since. The U.S. National Institute of Standards and Technology (NIST) has made AES its official encryption standard, replacing the obsolete Data Encryption Standard (DES). NIST recently announced that implementing AES has had an economic benefit worth at least $250 billion over two decades.

AES employs a symmetric type of encryption, using the same key to encrypt and decrypt files. It also uses what is known as the substitution permutation network (SPN) algorithm. SPN is a series of linked mathematical steps that create encrypted data from plaintext.

What makes AES such an advanced encryption tool? One main factor is that the older DES key was relatively short, containing only 56 bits. An AES key generally contains at least 128 bits. That's only twice as many as the DES key, but the security it provides is exponentially greater. The number of possibilities for a DES key is 256, or 7.2 x 1016 — 72 quadrillion. That's a lot — but the number of possibilities for a 128-bit AES key is 2128, or 3.4 X 1038 — 340 undecillion

Recent tests have demonstrated that a dedicated hacker could crack a 56-bit key in less than 23 hours. With a 128-bit AES key, on the other hand, testing all possible keys would take about 10.79 quintillion years, or more than 700 million times the age of the universe. Even highly advanced quantum computing technology would take about six months to crack the key. Most malicious actors do not have access to that type of advanced technology — or that amount of time — and would soon move on to easier targets.

Given the protection folded into all these numbers, AES is the standard for most of the encryption you see online. Wireless networks, virtual private networks (VPNs), mobile applications, operating systems, password managers — these are just a few examples of applications where you generally find AES encryption. File encryption software often uses AES, as well.

What is file encryption software?

File encryption software makes it easier to comply with federal and state data privacy regulations

File encryption software is a software platform that uses encoding solutions to prevent unauthorized access to your files. In a world increasingly full of attacks and breaches, this tool is the key to keeping your data safe. 

Encrypting your sensitive data helps you guard against malicious cyber threats. It also enables you to comply with federal and state data privacy laws. It streamlines your data transfer, keeping your files secure and minimizing your reliance on other, less reliable security measures. Without this software, you open yourself up to a world of risks, and your data becomes much more vulnerable to cyberattacks. 

Complying with federal and state data privacy regulations is much more difficult without file encryption software. Most states have data protection and privacy laws that require file encryption in certain scenarios. Legally protected personal financial information, for example, often requires encryption before you send it over public networks. Aside from regulatory requirements, you'll also want to protect your sensitive data in transit for peace of mind.

File encryption software is by far the best solution. Let's explore some of the many benefits of file encryption software:

1. Layered data protection

Layered data protection means using multiple security elements to protect your data. Each layer focuses on a specific area where a cyberattack or leak could occur. The right file encryption program acts as one element of layered protection to keep your data most secure.

At Box, we use two-factor authentication to keep your sensitive data secure against threats, and we use multilayered watermarking to prevent unauthorized duplication and use. Customer-controlled encryption keys add another level of security. They enhance security during file transfers and minimize gaps in your overall data protection strategy.

2. Security across multiple devices

Security across devices - no matter the device, your data will remain securely encrypted

Quality file encryption software gives you the same dependable security no matter what devices you use with it. You'll have the same data safety and peace of mind whether you store and use your data on a laptop, desktop, or mobile device. 

Using Box gives you the utmost security, even when you switch between devices or send sensitive data from one to another. You'll gain peace of mind knowing your data remains securely encrypted no matter how you access it.

3. Secure data transfers

A file in transit, often called data in motion, is particularly vulnerable. When you handle and transmit data, you need to know it has robust protection no matter where it is along its journey. 

Box uses multiple keys to keep your confidential data secure in transit. And because one of those keys is specific and personal to your company, you'll be able to manage your own files, keeping them doubly secure when you send them.

4. Maintained integrity

Data theft is one common issue companies face — and malicious alteration is another. This form of fraud compromises your data's integrity. With file encryption protection from Box, you ensure no malicious actors tamper with your data. Our file encryption also provides peace of mind by enabling file recipients to see that none of the data has become compromised in transit.

5. Ensured compliance

Ensure compliance and avoid penalties by using file encryption software

Regulatory compliance is critical for any company that works with files. Using file encryption software helps you ensure complete compliance with the federal, state, and industry-specific regulations you must follow in handling and transmitting data. File encryption software is one of the most secure methods of sending and storing data while ensuring compliance and avoiding hefty penalties. 

Box has particularly tailored protections available if your organization is part of the government. Your regulatory compliance obligations in that case may be stringent, and we're here to help you meet them while giving your highly sensitive files superior protection. Check out our other industry-specific offerings to see how we can meet your needs.

How to choose data encryption software

The choice of the right file encryption software is critical. It depends on your needs and the needs of your data-sharing partners and clients. Here are a few questions to consider before making a selection:

  1. What is your budget for data encryption software?
  2. Which software features are must-haves, and which would be nice to have? 
  3. How sensitive is the data you store and transmit?
  4. What methods will you use to transfer your data? 
  5. What encryption standards do your data-sharing partners support?
  6. Do you tend to transmit large files that require compression?
  7. Will you encrypt the files before transmission, or will you encrypt the connection used for the transfer?

Consider how your data encryption software will scale with you over the long term. Think about how you want your business to grow over the next several years, and try to figure out what software capabilities you'll need to enhance that growth. You'll want to find a platform that scales seamlessly with your business to provide years of superior protection.

How Box helps with file encryption

Get a complete report of your company's key usage with Box KeySafe

When you choose Box, you gain all the advantages listed above — and much more. We offer file encryption with Box KeySafe, which gives you total control of your data security in the Content Cloud. You control your own encryption keys independently while powering the same high-quality user experience. 

Box KeySafe gives you a comprehensive record of your company's key usage, and tampering with it is impossible. You'll always have that detailed record right at your fingertips, enabling you to track when and why individuals access your organization's keys. Your security team can also limit access to the data if you detect anomalous activity.

Here are a few of the main features you'll get with Box KeySafe: 

  • An easy-to-use platform that deploys within just a few days, regardless of the size of your IT team
  • Keys designed for 99.99999999% durability and maximum availability
  • Reason codes that provide transparency about why various keys are in use and why specific Box events occur
  • Security protocols that never allow for storing keys in plaintext on disc or holding them in memory, where they might become vulnerable to unauthorized access
  • Key rotation support that enables you to rotate the keys you use for an extra layer of security and helps you re-encrypt existing Box content with each new key

At Box, we want to help you achieve your security goals, no matter your company size or budget. We offer best-of-breed, cost-effective options to help you get the encryption you need to protect your files.

How to encrypt your files with Box KeySafe

Steps to encrypt files with Box KeySafe - 1. Upload your files easily 2. Encrypt files with a Box key 3. Encrypt files with a company key 4. Update your Box audit log

Box KeySafe is ideal for many organizations because it lets you secure your data while retaining 100% control over your files. Maintaining this control means encrypting your files yourself. Here are the easy-to-follow steps to encrypt your files with Box KeySafe:

  1. Upload your files through the intuitive Box user interface
  2. Encrypt files with a Box key to provide security without compromising mobility or usability
  3. Encrypt files with your company's key to secure your files so only your organization may control and access them
  4. Update your Box audit log to verify your legal custodianship of the keys protecting your files

AWS options

We work with our trusted partner, Amazon Web Services (AWS), to encrypt and protect your files. Box KeySafe with AWS offers a few tiered options for key-based file encryption. Choose the level that best suits your needs, budget, and file sensitivity:

  • AWS Key Management Service: This is our simplest and most economical method for managing your own encryption keys using the AWS Key Management Service (KMS)
  • AWS Custom Key Store: This solution lets you manage your own encryption keys using the intuitive KMS interface and advanced CloudHSM storage options
  • AWS GovCloud: AWS GovCloud enables government organizations to encrypt highly sensitive files while complying with IRS-1075 and ITAR/EAR requirements

No matter which option you choose, you'll know you're getting unparalleled cloud stack security that lets you secure your files, protect your company and clients, and provide a rewarding experience for everyone who works with you. 

Choose smarter cloud content management solutions from Box

Teamwork and content security go hand in hand. When you need a cloud content management solution with robust file encryption, make Box your trusted source.

Our powerful and intuitive platform makes file creation, editing, classification, and storage quick and easy. Use the Content Cloud to manage your content lifecycle from beginning to end, giving your teams advanced tools for efficient collaboration along the way. Box fosters collaboration, speeds up your processes, and protects your work with cloud-native file encryption for advanced security and compliance.

Contact us today to learn more about file encryption with the Content Cloud.

Manage your content from beginning to end with Box

**While we maintain our steadfast commitment to offering products and services with best-in-class privacy, security, and compliance, the information provided in this blogpost is not intended to constitute legal advice. We strongly encourage prospective and current customers to perform their own due diligence when assessing compliance with applicable laws.