Data Security and Encryption

The number of data breaches and security threats has been steadily increasing for years.

In 2005 the annual number of reported data breaches was 157 million, and by the beginning of 2020 the number has increased by a factor of 10. [1,2] In 2020 we are witnessing a mass ongoing migration of various activities to virtual and online environments due to COVID. This means a sizeable increase of the attack surface, which is already being reflected in the number of successful security breaches. The data security of our companies is being compromised.

The concept of data security refers to the set of standards and technologies dedicated to protecting data from unauthorized access and modification. It prevents intentional or accidental destruction, modification or disclosure. It can even incorporate the physical aspect of security.


CEH Miha Lavrič
Nastja Cepak, PhD,
cryptographer, CREAplus

One of the tools we can use to implement data security is encryption. We have already talked about symmetric and asymmetric encryption on our blog and the different usecases where each can be used, though we can quickly refresh our memory of the basic mechanism they both use. On one side we have the sender, on the other the receiver, and they would like to exchange a message, plaintext, over an unsecured channel. Both have previously agreed on an encryption algorithm, a cipher, and both hold appropriate encryption keys. The sender encrypts the plaintext using their key into ciphertext, sends it over the unsecured channel, and the receiver can decrypt it and read the resulting plaintext.

One of the most important things to keep in mind is that before encrypting data, we need to understand what kind of data needs encryption, which algorithms are suited for a specific use case, and where will the encryption keys be kept. Encrypted information is only as secure as the encryption key. Would you like to encrypt data-at-rest? Use asymmetric cryptography to ensure authenticity of messages? Or maybe set up End-to-End Encryption (EEE)? Where and how will your cryptographic keys be generated? How will they be stored and used? Who and how is going to manage them?

Apart from this, encryption is just one of the tools at our disposal that helps us to establish data security. There are also hashing, tokenisation, authentication and key exchange mechanisms, key management practices and more are, which are all components that a data protection strategy should consider.


[1] J.Clement, Statista, 10.3.2020
[2] ITRC


Technical Training for Hardware Security Module (HSM)

utimaco trainingCREAplus, authorized Utimaco training partner, is going to deliver an online hands-on technical training for hardware security module (HSM), on 28-29 October 2021.

Read more ...

From Fundamentals to Quantum-safe algorithms

 Cryptographic JourneyIn the modern, digital world cryptography is an indispensable tool for protecting our systems and data. Without knowing we rely on cryptography daily, be it to check our email, safely login to a computer, or drive a smart car, since the magic happens in the background, unseen. 

Read more ...

CREAplus awarded with AAA Creditworthiness Certificate of Excellence

AAACompany CREAplus has been classified into legal entities that have received highest AAA Creditworthiness Certificate of Excellence, awarded by Analytical House Bisnode.

Read more ...

Utimaco acquires Realsec to strengthen its solution portfolio and expand its regional presence

Utimaco acquires Realsec to strengthen its solution portfolio and expand its regional presenceUtimaco, a leading global provider of IT security solutions, announced that it has signed a Share Purchase Agreement with Realsec, the Spanish IT security company and Hardware Security Module (HSM) provider. The closing of the acquisition is expected in July.

Read more ...

CREAplus Successfully Delivered Training for Utimaco HSM

utimaco LAN V5 4CREAplus, authorized Utimaco training partner, successfully delivered another 2-day online hands-on technical training on hardware security module (HSM), in April 2021.

Read more ...