End-to-end encryption (E2EE) is a secure communication process that prevents third parties from accessing data transferred from one endpoint to another.
Data encryption is the process of using an algorithm that transforms standard text characters into an unreadable format. To explain, this process uses encryption keys to scramble data so that only authorized users can read it. End-to-end encryption uses this same process, too. However, it takes it a step farther by securing communications from one endpoint to another.
Get insights to better manage the risk of a data breach with the latest Cost of a Data Breach report.
Register for the X-Force Threat Intelligence Index
In many messaging services, third parties store the data, which is encrypted only in transit. This server-side encryption method secures the data from unauthorized viewers only. But as an effect of this method, the sender can view the information, too, which can be undesirable in cases where data privacy at all points is needed.
In the case of end-to-end encryption, encrypted data is only viewable by those with decryption keys. In other words, E2EE prevents unintended users, including third parties, from reading or modifying data when only the intended readers should have this access and ability.
E2EE is used especially when privacy is of the utmost concern. Privacy examples include sensitive subjects such as business documents, financial details, legal proceedings, medical conditions or personal conversations. Consequently, failure to secure private data could result in damages to enterprise businesses and their customers.
End-to-end encryption can help secure data against cyber attacks. In 2020, for example, the average cost of a data breach was USD 3.86 million globally and USD 8.64 million in the United States. These costs include discovering and responding to the violation, the cost of downtime and lost revenue, and the long-term reputational damage to a business and its brand. And in the case of compromised PII, it can lead to a loss of customer trust, regulatory fines, and even legal action.
End-to-end encryption offers more than sending encrypted messages. It can also allow control to authorize user access to stored data. A centralized privileged user policy management system provides granular control over who has access to what information. Coupled with a centralized key management system that adheres to key management interoperability protocol (KMIP), organizations can encrypt and protect data at every level.
Messaging apps like Signal and a digital trunked mobile radio standard like TETRA use end-to-end encryption to keep conversations between its users private. Email systems can be figured for E2EE , too, but it requires Pretty Good Privacy (PGP) encryption configuration. Users can also use a service like ProtonMail and Tutanota, which have PGP built-in.
Password managers like 1Password, BitWarden, Dashlane and LastPass use E2EE to protect a user's passwords. In this case, however, the user is on both endpoints and is the only person with a key.
Storage devices often provide E2EE at rest. However, service providers can also offer E2EE in transit in a cloud storage setting, safeguarding users' data from anyone, including the cloud service provider.
End-to-end encryption begins with cryptography, a method for protecting information by transforming it into an unreadable format called ciphertext. Only users who possess a secret key can decipher, or decrypt, the message into plaintext. With E2EE, the sender or creator encrypts the data, and only the intended receiver or reader can decrypt it.
Asymmetric, or public-key cryptography, encrypts and decrypts the data using two separate cryptographic keys. The public key is used to encrypt a message and send it to the public key's owner. Then, the message can only be decrypted using a corresponding private key, also known as a decryption key. For example, the Transport Layer Security (TLS) encryption protocol keeps third parties from intercepting messages in transit.
In password management and terrestrial trunked radio (TETRA), the user is both the encryptor and decryptor. For example, with TETRA end-to-end encryption, the receivers generate the encryption keys using a key management center (KMC) or a key management facility (KMF). Then, they retrieve the encrypted data for decryption.
Symmetric encryption is a type of encryption where only one secret symmetric key is used to encrypt the plaintext and decrypt the ciphertext.
E2EE only encrypts data between the endpoints. This fact means the endpoints themselves are vulnerable to attack. Therefore, enterprises implement endpoint security to protect data beyond in-transit.
Hackers can insert themselves between two endpoints, eavesdrop and intercept messages. They impersonate the intended recipient, swap decryption keys and forward the message to the actual recipient without being detected.
Whether or not companies intentionally build backdoors into their encryption systems, cyber attackers can introduce and use them to undermine key negotiation or bypass encryption.
Unprotected, enterprise data can be accessed, stolen, deleted or altered. But with IBM Security™, you can protect your data and organization from harm.
Fully homomorphic encryption (FHE) can help you unlock the value of your sensitive data on untrusted domains without decrypting it.
Strengthen data privacy protection, build customer trust and grow your business with IBM data privacy solutions.
Falling behind on infrastructure refreshes can leave you vulnerable to threats. So apply a security-first approach to your hybrid cloud infrastructure.
Ransomware is more sophisticated than typical malware, using strong encryption to exploit leaked vulnerabilities. Are you protected?
Improve data protection and privacy by encrypting each stage of the data's lifecycle, transmission, storage and processing with IBM Z® solutions.
Centralize, simplify and automate encryption key management with IBM Security Guardium Key Lifecycle Manager.
Simplify data and infrastructure management with the unified IBM FlashSystem® platform family, which streamlines administration and operational complexity across on-premises, hybrid cloud, virtualized and containerized environments.
Understand your cybersecurity landscape and prioritize initiatives together with senior IBM security architects and consultants in a no-cost, virtual or in-person, 3-hour design thinking session.
Learn what data encryption is, the types and benefits, and what it means to protect your data.
From complying with regulations such as the CCPA and GDPR to protecting assets through encryption, learn about the latest concerning data protection and privacy.
Learn what data security is, why it's important, the data security types and more.
Understand your cyberattack risks with a global view of the threat landscape
The Cost of a Data Breach Report explores financial impacts and security measures that can help your organization avoid a data breach, or in the event of a breach, mitigate costs.