Cryptography and Symmetric Encryption

Introduction to Information Security Issues Arising

GofalNewydd is a growing company; the more it expands, the more information security issues it faces. The health insurance company is very vulnerable as it has various data centers and is working towards establishing more. This implies that loopholes allow the data to be decrypted and accessed by malicious people. Data must be converted into unique and complex codes that cannot be easily cracked, even by supercomputers. The data in the cloud infrastructure should be secured in the best way possible. The insurance company deals with a lot of personally identifiable information, and protecting it should be the organization's top priority, both to protect the consumers and to avoid the penalties and fines likely to arise from data breaches. With the distribution of various data centers as the company grows globally, there is a gap in the sense that they will have to achieve high-grade network security by utilizing an IT infrastructure that is either geographically distributed or decentralized. Suppose the organization needs to be on top of cloud encryption and decrease the data breach threats staring at the company. In that case, hackers may easily access sensitive data in the organization. There is a need for information security to be put in place, which should be complied with later.

Measures and solutions to address problems

One of the workable solutions for the case above is the use of symmetric key algorithms, which are cryptographic algorithms that use the same key for both the encryption of the plaintext and the decryption of the ciphertext. All the parties involved in sharing information will have to share a secret, which will require them to maintain a confidential information link. Both parties may need access to the secret keys because there are various data centers, and information sharing may be mandatory in this case (Eroshkin et al., 2017).

Appropriateness of the symmetric algorithms for the above scenario

Symmetric algorithms are likely appropriate for the insurance sector because of symmetric encryption's better performance and speed. A large amount of data is at stake here. Symmetric algorithms will typically be utilized for the bulk encryption of large volumes of data (Bellare, Paterson & Rogaway, 2014). As mentioned earlier, there may be personally identifying information that is supposed to be protected to prevent identity theft or fraudulent activities without incurring huge costs of resources. The organization will also likely be involved in payment transactions because clients will likely make claims frequently. There should be a proper way for the company to validate that the senders of the messages are the people who claim to be who they are. The approach will help lower the risks associated with payment transactions that are done frequently (Kansal & Mittal, 2014).

Much data at rest needs to be secured in the best way possible. Although data at rest is considered less vulnerable than data in transit, the attackers are more likely to find the data at rest more treasurable. To protect this type of data, there will be the need to encrypt the sensitive files before storing them and ensure that the storage drive has also been well encrypted (Kansal & Mittal, 2014).

Another rationale behind the approach is that the company mainly uses the cloud to store a large amount of data and also for analyzing the data when needed. Information and data security while in transit when an unsecured medium such as the Internet is used is very important. Considering the volume of data that is being transmitted, it is time-consuming to implement asymmetric encryption. In this regard, symmetric encryption will be faster than asymmetric encryption. The process is flawless as long as every party has a symmetric key (Eroshkin et al., 2017).

Other strengths associated with the approach.

Symmetric-key encryption has a long history, and much of the available information is likely to facilitate its implementation. Since the invention of digital computers, much knowledge in this area has been accumulated, including the design of the Data Encryption Standard. The ciphers can easily be designed to obtain high data throughput rates. Some hardware implementations exist that can encrypt many megabytes every second, while software implementations may obtain throughput rates of megabytes per second. It is also easy to utilize the asymmetric key ciphers as frameworks that can build various mechanisms of cryptography, and this may include the pseudorandom number generators, the hash functions, and some digital signature schemes, which are efficient (Eroshkin et al., 2017). A result of stronger ciphers is guaranteed in the case of symmetric keys. There exist uncomplicated transformations, which are simple to analyze, and at minimum, they can be utilized in building strong products associated with ciphers.

Alternative measure

Another option would be asymmetric cryptography, which is sometimes called public-key cryptography. This utilizes two different keys: one private and one public. In this case, the public key will be shared with everyone, while the private key will have to be protected. The approach may be good in that both the private and public keys can encrypt a message to assure the non-repudiation of data through digital signatures, authenticity, integrity, and confidentiality (Kansal & Mittal, 2014). The algorithm used here will entail a cryptosystem for public key encryption, which is widely used to secure sensitive data, especially when the data is sent over an insecure network such as the Internet.

Some policies that the company will take

Considering the policies that the company will embrace, the first set of policies will entail storing the encryption keys separately from the encrypted data to ensure that cloud data security is properly achieved. The policy will provide guidance and direction to ensure that regulations are followed, and that legal authority is granted for dissemination and the use of encryption technologies in the various data centers. There will be an emphasis on personally identifiable information being the top priority for the organization in order to avoid any possible data breaches. Finally, there is a need for the best practices to be embraced at all times. Because the company functions within the cloud infrastructure, the company is supposed to prioritize mapping out the security needs for the cloud deployment and any data that is likely to be moved to the cloud (Gokhale & Vibhor, 2017). The policy will be tailored towards ensuring that all the sensitive data sources are inventoried so that the information technology personnel keep track of what is supposed to be encrypted with the appropriate levels of the bit-key securities. Cryptographic keys are supposed to be generated and stored more securely, preventing compromise, theft, and loss. The information technology team will always be able to verify the policy's compliance through the various methods at the company's disposal. The methods may include but are not limited to external and internal audits, the business tool reports done by the company every quarter, and the feedback received from the various stakeholders, such as the policy owners (Bellare, Paterson & Rogaway, 2014). Any employee found to have violated the policy will be subject to disciplinary action, including termination of the employee. These policies are aligned with symmetric cryptography.

Another set of policies will entail the move to encrypt data by the sender, which will encrypt using the public key known to any user in the network. Most of the techniques used here will require the block cipher to decrypt and encrypt the files. The asymmetric keys ought to be used for digital signatures. If an individual intends to enable verification that he/she sent a message, then he/she can sign it. The signature process will use the person's private key, given that he/she is the only person with it. The public keys which are used to establish trust are supposed to be authenticated before they are used. For instance, authentication will consider transmission through cryptographically signed messages or even the verification of the public key hash, done manually (Gokhale & Vibhor, 2017). It will also be important that all the servers used for authentication have a valid certificate installed that a trusted provider has signed. However, this is aligned with asymmetric encryption.

Measures to be taken by the company based on the above policies

The company will adopt the first set of policies, which is well-aligned with symmetric encryption because of its appropriateness and the benefits the organization will obtain from the policy. Considering that the attackers are becoming more sophisticated, it is also necessary that the IT personnel are frequently trained and equipped to be in a position to prevent vulnerabilities before they affect the company. The technologies are also evolving, thus the need for the personnel to be frequently acquainted with the changes (Boldyreva, Chenette, Lee & O’neill, 2009).

The process of assessing and reviewing the security of symmetric encryption should be done frequently because the encryptions deployed could be more perfectly secure as they exhibit some weaknesses and strengths. There is a need for the IT personnel to frequently analyze the designs in place to ensure that the encryptions are always resilient to the company's needs. The protocols for confidential communications are supposed to describe how a receiver and sender authenticate each other, how they are likely to agree on or produce the encryption keys, and how the exchanged information is encrypted and moved across the networks (Gokhale & Vibhor, 2017).

The company will scale up how it manages and secures the keys. They must be created securely, well-stored, properly distributed, certified, well-backed, revoked, updated, and deleted. Since the key also has a finite lifetime depending on the risk of exposure and usage, it is a good practice for the company to do away with all key copies when it is no longer useful (Kuppuswamy & Al-Khalidi, 2014).

The company is determined to achieve the highest level of security; it must ensure that the operating systems are upgraded to be compatible with the best practices, such as full disk encryption. Full disk encryption will make it possible to protect both the system programs and the user data from any form of disclosure (Boldyreva, Chenette, Lee & O’neill, 2009). The files themselves will be protected using symmetric encryption. More protective measures that combine computer hardware and operating system software prevent the files in the system from being modified.

Information technology must ensure that the encryption systems in place meet real-world requirements. For instance, if the team has found an error, one should update signed firmware, as well as other software elements, in a very secure manner. It should be possible to change the user passcodes without necessarily decrypting and re-encrypting the content that has been saved on the disk (Gokhale & Vibhor, 2017). Given how disk encryption systems are configured, the chances are high that the secret key that protects the disk encryption key is discarded in a situation where many invalid passcodes are entered.
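The passcode behaviour described above follows from key wrapping: the passcode only protects a small wrapped copy of the disk encryption key, so changing it rewrites that copy and leaves the bulk ciphertext alone. The Python below is an added example, not code from the original article; the `Volume` class, the lockout threshold and the PBKDF2 work factor are assumptions, and an HMAC-SHA256 counter-mode keystream stands in for AES so that it runs with the standard library only.

```python
import hashlib, hmac, secrets
MAX_FAILURES, KDF_ROUNDS = 3, 100_000  # assumed policy values, not taken from the article

def _xor(key, nonce, data):  # stand-in for AES: HMAC-SHA256 counter-mode keystream
    pad = b"".join(hmac.digest(key, nonce + i.to_bytes(8, "big"), "sha256")
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key, plaintext):  # encrypt-then-MAC under two subkeys derived from `key`
    nonce = secrets.token_bytes(16)
    body = nonce + _xor(hmac.digest(key, b"enc", "sha256"), nonce, plaintext)
    return body + hmac.digest(hmac.digest(key, b"mac", "sha256"), body, "sha256")

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.digest(hmac.digest(key, b"mac", "sha256"), body, "sha256")
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key, tampered data or wiped key slot")
    return _xor(hmac.digest(key, b"enc", "sha256"), body[:16], body[16:])

class Volume:  # hypothetical model of an encrypted disk, for illustration only
    def __init__(self, passcode, content):
        dek = secrets.token_bytes(32)       # random disk-encryption key (DEK)
        self.data = seal(dek, content)      # bulk data is encrypted once, under the DEK
        self.failures = 0
        self._wrap(passcode, dek)

    def _kek(self, passcode):               # key-encryption key derived from the passcode
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, KDF_ROUNDS)

    def _wrap(self, passcode, dek):
        self.salt = secrets.token_bytes(16)
        self.slot = seal(self._kek(passcode), dek)

    def _unlock(self, passcode):
        try:
            dek = unseal(self._kek(passcode), self.slot)
        except ValueError:
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.slot = b""             # discard the wrapped DEK: data is now unrecoverable
            raise
        self.failures = 0
        return dek

    def read(self, passcode):
        return unseal(self._unlock(passcode), self.data)

    def change_passcode(self, old, new):
        self._wrap(new, self._unlock(old))  # only the key slot changes, never self.data
```

In a deployment, the stand-in cipher would be replaced by a vetted authenticated cipher such as AES-GCM from a maintained library, and the failure counter would live in tamper-resistant hardware rather than in the object itself.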

Conclusion

In the modern-day work environment, information systems and the information protected in the systems are critical assets that companies should protect. There is a need for the information used by the company and the information it contains to be protected from inappropriate use, modification, and unauthorized disclosure. The information is contained in the computer systems, which entails groups of interconnected computers that utilize shared networks. The information will therefore require protection when it is being transported from one location to another, being processed within a protected facility, and even at rest. Hackers and insiders may be in a position to access the data but not able to know or modify it. Cryptography is better placed to protect the information against hackers and insiders for the insurance company by providing the necessary layers of protection.

Cryptography that is effectively implemented will reduce the scope of the information management problem by emphasizing protecting the keys and specific metadata. The algorithm unveiled above is tailored toward satisfying the company's security goals, which are authentication, non-repudiation, confidentiality, and integrity. Symmetric cryptography is better placed to achieve the above goals. With proper training of the personnel and prospective users of the system, the system designers consider that the users are not normally security experts and may only sometimes be in a position to understand the purpose of the security feature they use. As such, symmetric cryptography may be user-friendly when adequate support is in place, making it possible for users to work from home. Considering the legislation that comes into play, cryptography law protects people from having their personal information disseminated without their consent. Cryptologic systems sometimes entail technological secrets that are highly priced. When a company produces new encryption technology, there may be the need to secure a patent relative to the technology. As such, the insurance company may need to pursue patents appropriate for developing technology in this legislative area. The company can therefore leverage the numerous benefits associated with symmetric encryption in attaining the optimal level of security for its data center, even as it embarks on an expansion spree.