What is encryption? Data encryption defined 

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). Users can access encrypted data with an encryption key and decrypted data with a decryption key.

Protecting your data

There are massive amounts of sensitive information managed and stored online in the cloud or on connected servers. Encryption uses cybersecurity to defend against brute-force and cyber-attacks, including malware and ransomware. Data encryption works by securing transmitted digital data on the cloud and computer systems. There are two kinds of digital data, transmitted data or in-flight data and stored digital data or data at rest.

Modern encryption algorithms have replaced the outdated Data Encryption Standard to protect data. These algorithms guard information and fuel security initiatives including integrity, authentication, and non-repudiation. The algorithms first authenticate a message to verify the origin. Next. they check the integrity to verify that contents have remained unchanged. Finally, the non-repudiation initiative stops sends from denying legitimate activity.

Types of data encryption: asymmetric vs symmetric

There are several different encryption methods, each developed with different security and security needs in mind. The two main types of data encryption are asymmetric encryption and symmetric encryption.

Asymmetric encryption methods:

Asymmetric encryption, also known as Public-Key Cryptography, encrypts and decrypts the data using two separate cryptographic asymmetric keys. These two keys are known as a “public key” and a “private key”.

Common asymmetric encryption methods:

  • RSA: RSA, named after computer scientists Ron Rivest, Adi Shamir, and Leonard Adleman, is a popular algorithm used to encrypt data with a public key and decrypt with a private key for secure data transmission.
  • Public key infrastructure (PKI): PKI is a way of governing encryption keys through the issuance and management of digital certificates.


Symmetric encryption methods:

Symmetric encryption is a type of encryption where only one secret symmetric key is used to encrypt the plaintext and decrypt the ciphertext.

Common symmetric encryption methods:

  • Data Encryption Standards (DES): DES is a low-level encryption block cipher algorithm that converts plain text in blocks of 64 bits and converts them to ciphertext using keys of 48 bits. 
  • Triple DES: Triple DES runs DES encryption three different times by encrypting, decrypting, and then encrypting data again.
  • Advanced Encryption Standard (AES): AES is often referred to as the gold standard for data encryption and is used worldwide as the U.S. government standard.
  • Twofish: Twofish is considered one of the fastest encryption algorithms and is free to use.

Benefits of data encryption

With more and more organizations moving to hybrid and multicloud environments, concerns are growing about public cloud security and protecting data across complex environments. Enterprise-wide data encryption and encryption key management can help protect data on-premises and in the cloud.

Cloud service providers (CSPs) may be responsible for the security of the cloud, but customers are responsible for security in the cloud, especially the security of any data. An organization’s sensitive data must be protected, while allowing authorized users to perform their job functions. This protection should not only encrypt data, but also provide robust encryption key management, access control and audit logging capabilities.

Robust data encryption and key management solutions should offer:

  • A centralized management console for data encryption and encryption key policies and configurations
  • Encryption at the file, database and application levels for on-premise and cloud data
  • Role and group-based access controls and audit logging to help address compliance
  • Automated key lifecycle processes for on-premise and cloud encryption keys

Effective data encryption

New homomorphic encryption toolkit

IBM© synthesized 11 years of cryptography research into a streamlined fully homomorphic encryption (FHE) toolkit for Mac OS and iOS.

IBM Blockchain Platform 2.5

The newly launched multi-party network called IBM Blockchain Platform 2.5 includes the latest innovations to improve the IBM Blockchain Platform.

IBM Z Enhancements

IBM Fibre Channel Endpoint Security for IBM z15™ helps protect data in flight with pervasive encryption and without the costly application changes.

Related Solutions

Data encryption solutions

Protect enterprise data and address regulatory compliance with data-centric security solutions and services

Pervasive encryption solutions

Encrypting data with IBM encryption technology will ensure your data is protected, even in the event of a data breach.

Protect sensitive data

IBM Data Privacy Passports protects sensitive data and maintains privacy by policy as the data moves from its source across hybrid multiclouds.

Data encryption and cryptographic services

IBM Cryptographic Services protects and retains full control of your sensitive data.

Enterprise key management

IBM Enterprise Key Management Foundation (EKMF) is a highly secure and flexible key management system for enterprise.

Data encryption software

Protect your file and database data from misuse with IBM Security Guardium Data Encryption, an integrated suite of products built on a common infrastructure.

Data security solutions

Protect your data, meet privacy regulations, and simplify operational complexity with IBM Cloud Pak for security.