Which hashing algorithm is recommended for the protection of sensitive unclassified information select one?
ForewordCryptographic algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B Information is an UNCLASSIFIED publication issued by the Canadian Centre for Cyber Security (Cyber Centre) and provides an update to and supersedes the previously published version. Show
Effective dateThis publication takes effect on August 17, 2022. Revision history
OverviewThis document identifies and describes recommended cryptographic algorithms and appropriate methods of use that organizations can implement to protect sensitive information. For Government of Canada (GC) departments and agencies, the guidance in this document applies to UNCLASSIFIED, PROTECTED A, and PROTECTED B information. An organization’s ability to protect sensitive data and information is fundamental to the delivery of programs and services. Cryptography provides security mechanisms which can be used to protect the authenticity, confidentiality, and integrity of information. Data authenticity, confidentiality and integrity, stakeholder authentication and accountability, and non-repudiation are all benefits of properly configured cryptography. Several algorithms may be required to satisfy these security requirements, and each algorithm should be selected and implemented to ensure these requirements are met. For further information, please contact us: Table of contents
1 IntroductionOrganizations rely on Information Technology (IT) systems to achieve business objectives. These interconnected systems can be the targets of serious threats and cyberattacks that jeopardize the availability, authenticity, confidentiality, and integrity of the information assets. Compromised networks, systems, or information can have adverse effects on business activities and may result in data breaches and financial loss. This document aids technology practitioners in choosing and appropriately using cryptographic algorithms. When used with valid domain parameters and specific key lengths, the cryptographic algorithms listed this document are recommended cryptographic mechanisms for protecting the confidentiality and integrity of sensitive UNCLASSIFIED, PROTECTED A, and PROTECTED B information to the medium injury level, as defined in the Cyber Centre’s ITSG-33 IT security risk management: A lifecycle approach Footnote 1. For requirements on the use of Cyber Centre approved cryptography to protect PROTECTED C and Classified information, refer to the Cyber Centre’s ITSD-01A: IT Security Directive for the Application of Communications Security using CSE-Approved Solutions Footnote 2. This document complements the Treasury Board of Canada Secretariat (TBS) Guideline on Defining Authentication Requirements Footnote 3. Organizations are responsible for determining their security objectives and requirements as part of their risk management framework. 1.1 Practitioner notesIn this document we make recommendations for cryptographic algorithms and parameters. We also list algorithms that should be “phased out” of use. New applications should not use these algorithms. Where these algorithms are used in existing applications, they should be replaced with algorithms that we recommend in this document. For certain algorithms we specify a date by which these algorithms should have been replaced; in other instances these algorithms should be replaced as soon as possible. Unless otherwise specified, when an algorithm requires a primitive, it should be chosen from those recommended in this document. For example, a hash function from Sections 6.2 or 6.3 should be used when using the Keyed-Hash Message Authentication Code (HMAC) from Section 7.1. Unless otherwise specified, when an algorithm requires a parameter, it should be chosen from those recommended in the given reference for the algorithm. 1.2 Policy driversThe need to address and counter cyber threats and vulnerabilities currently threatening networks is a crucial step in securing networks, data, and assets. GC departments must ensure IT security policies and procedures are implemented in accordance with the TBS Policy on Government Security Footnote 4. 1.3 Relationship to the IT risk management processThe Cyber Centre’s ITSG-33 IT security risk management: A lifecycle approach Footnote 1 guidelines suggest a set of activities at two levels within an organization: the departmental level and the information system level. Figure 1: IT Security risk management process  Figure 1 depicts the IT security risk management process that is suggested in ITSG-33 Annex 1 and 2. The figure shows that IT security risk management activities are orchestrated at two distinct levels: the organizational level and the information system level. At the organizational level, the IT security risk management activities conducted by the organizational security authorities (e.g. CSO, ITSC) include:
Figure 1 depicts the IT security risk management process that is suggested in ITSG-33 Annex 1 and 2. The figure shows that IT security risk management activities are orchestrated at two distinct levels: the organizational level and the information system level. At the organizational level, the IT security risk management activities conducted by the organizational security authorities (e.g. CSO, ITSC) include:
The key deliverables of the deploy security controls activity are organizational control profiles and organizational IT threat assessment reports. These deliverables are key inputs into the security risk management activities at the information system level. At the information system level, the IT security risk management activities conducted by IT project managers, security practitioners and developers include:
Information from the operations and maintenance activities provide feedback into the monitor and assess activity at the organizational level. The IT security performance feedback supports the maintain authorization activity under the monitor and assess. Departmental level activities are integrated into the organization’s security program to plan, manage, assess, and improve the management of IT security-related risks faced by the organization. Cryptographic algorithms should be considered during the Define, Deploy, and Monitor and Assess activities. These activities are described in detail in Annex 1 of ITSG-33 Footnote 1. Information system level activities are integrated into an information system lifecycle to ensure:
Cryptographic algorithms should be considered during all Information System level activities. These activities are described in detail in Annex 2 of ITSG-33. 2 Encryption algorithmsThe following section outlines the encryption algorithms that we recommend for protecting the confidentiality of UNCLASSIFIED, PROTECTED A, and PROTECTED B information. We also specify encryption algorithms that were recommended in a previous version of this document but should be phased out by 2023. 2.1 Advanced encryption standard algorithmWe recommend the Advanced Encryption Standard (AES) algorithm as specified in National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) Publication 197: Advanced Encryption Standard Footnote 5 with key lengths of 128, 192, and 256 bits. 2.2 Triple data encryption algorithmThe use of 3-key TDEA should be phased out by the end of 2023. We no longer recommend the 3-key option of the Triple Data Encryption Algorithm (TDEA) as specified in NIST Special Publication (SP) 800-67 Revision 2: Recommendation for the Triple Data Encryption Algorithm Block Cipher Footnote 6. Note the important restriction that one key bundle should not be used to encrypt more than 220 64-bit data blocks Footnote 6. 2.3 CAST5The use of CAST5 should be phased out by the end of 2023. We no longer recommend the CAST5 algorithm as specified in Request for Comments (RFC) 2144 The CAST-128 Encryption Algorithm Footnote 7. 3 Encryption algorithm modes of operationThe following section outlines the encryption algorithm modes of operation that we recommend for use with the AES algorithm, as specified in Section 2.1. 3.1 Protecting the confidentiality of informationWe recommend the following block cipher modes of operation for protecting the confidentiality of UNCLASSIFIED, PROTECTED A, and PROTECTED B information, as specified in NIST SP 800-38A: Recommendation for Block Cipher Modes of Operation – Methods and Techniques Footnote 8:
Note several important requirements from NIST SP 800 38A: Recommendation for Block Cipher Modes of Operation – Methods and Techniques Footnote 8:
For protecting data on storage devices, we recommend XTS-AES mode as specified in NIST SP 800-38E: Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices Footnote 10. 3.2 Protecting the confidentiality and authenticity of informationWe recommend the following modes of operation for protecting the confidentiality and authenticity of UNCLASSIFIED, PROTECTED A, and PROTECTED B information:
4 Key establishment schemesThe following section outlines the key establishment schemes that we recommend for use with cryptographic algorithms for protecting UNCLASSIFIED, PROTECTED A, and PROTECTED B information. 4.1 Rivest-shamir-adleman (RSA)We recommend the RSA-based key-transport and key-agreement schemes as specified in NIST SP 800-56B Revision 2: Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography Footnote 13 with an RSA modulus length of at least 2048 bits. The RSA modulus length should be increased to at least 3072 bits by the end of 2030. 4.2 Finite Field Cryptography (FFC) Diffie-Hellman (DH) and Menezes-Qu-Vanstone (MQV)We recommend the Finite Field Cryptography (FFC) Diffie-Hellman (DH) and FFC Menezes-Qu-Vanstone (MQV)-based key-agreement schemes with valid domain parameters for the FB or FC FFC parameter-size sets as specified in NIST SP 800-56A Revision 3: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Footnote 14. The field size (prime modulus parameter) should be at least 2048 bits. The FFC field size should be increased to at least 3072 bits by the end of 2030. 4.3 Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECC CDH)and Menezes-Qu-Vanstone (ECC-MQV)We recommend the Elliptic Curve Cryptography (ECC) Cofactor Diffie-Hellman (ECC CDH) and ECC Menezes-Qu-Vanstone (ECC MQV)-based key-agreement schemes as specified in NIST SP 800-56A Revision 3: Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography Footnote 14 with an elliptic curve from Table 24 and a field size of at least 224 bits. The field size should be increased to at least 256 bits by the end of 2030. 5 Digital signature schemesThe following section outlines the algorithms that we recommend for digital signature applications providing data integrity and data origin authentication of UNCLASSIFIED, PROTECTED A, and PROTECTED B information. 5.1 RSAWe recommend the RSA digital signature scheme as specified in NIST FIPS 186-4: Digital Signature Standard Footnote 15 and RSA PKCS #1 v2.2: RSA Cryptography Standard Footnote 16 with an RSA modulus length of at least 2048 bits. The RSA modulus length should be increased to at least 3072 bits by the end of 2030. 5.2 Digital Signature Algorithm (DSA)We recommend the Digital Signature Algorithm (DSA) as specified in NIST FIPS 186-4: Digital Signature Standard Footnote 15 with valid domain parameters for a field size of at least 2048 bits. The FFC field size should be increased to at least 3072 bits by the end of 2030. 5.3 Elliptic Curve Digital Signature Algorithm (ECDSA)We recommend the Elliptic Curve Digital Signature Algorithm (ECDSA) as specified in NIST FIPS 186-4: Digital Signature Standard Footnote 15 with an elliptic curve from Appendix D of NIST FIPS 186-4: Digital Signature Standard Footnote 15 and a field size of at least 224 bits. The field size should be increased to at least 256 bits by the end of 2030. 5.4 Stateful Hash-based signature schemesWe recommend stateful hash-based signatures be used only in situations where all of the following apply:
In these situations, we recommend the following hash-based signature schemes as specified in NIST SP 800-208: Recommendation for Stateful Hash-based Signatures Scheme Footnote 17:
6 Secure hash algorithms (SHAs)The following section outlines the Secure Hash Algorithms (SHAs) that we recommend for use with the cryptographic algorithms specified in this publication for protecting UNCLASSIFIED, PROTECTED A, and PROTECTED B information. 6.1 SHA-1We no longer recommend the use of SHA-1 as specified in NIST FIPS 180-4: Secure Hash Standard Footnote 18, which was previously approved for use with keyed-hash message authentication codes, key derivation functions, and random bit generators. SHA-1 must not be used with digital signature schemes, or any applications that require collision resistance. SHA-1 should be phased out for use in keyed-hash message authentication codes, key derivation functions, and random bit generators. 6.2 SHA-2We recommend SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 as specified in NIST FIPS 180-4: 180-4: Secure Hash Standard Footnote 18 for use with digital signature schemes, keyed-hash message authentication codes, key derivation functions, and random bit generators. SHA-224 should be phased out by the end of 2030. 6.3 SHA-3We recommend SHA3-224, SHA3-256, SHA3-384, and SHA3-512 as specified in NIST FIPS 202: SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions Footnote 19 for use with digital signature schemes, keyed-hash message authentication codes, key derivation functions, and random bit generators. SHA3-224 should be phased out by the end of 2030. 7 Message Authentication Codes (MAC)The following sections outline the MAC algorithms that we recommend for data integrity and data origin authentication of UNCLASSIFIED, PROTECTED A, and PROTECTED B information. 7.1 Keyed-Hash Message Authentication Code (HMAC)We recommend Keyed-Hash Message Authentication Code (HMAC) as specified in NIST FIPS 198-1: The Keyed-Hash Message Authentication Code Footnote 20 with a key length of at least 112 bits. The key length should be increased to at least 128 bits by the end of 2030. 7.2 Cipher-based Message Authentication Code (CMAC)We recommend Cipher-based Message Authentication Code (CMAC) as specified in NIST SP 800-38B: Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication Footnote 21 with a key length of at least 112 bits. The key length should be increased to at least 128 bits by the end of 2023. 7.3 Galois/Counter Mode Message Authentication Code (GMAC)We recommend Galois/Counter Mode Message Authentication Code (GMAC) as specified in NIST SP 800-38D: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode Footnote 12. GMAC is only recommended for use with the AES algorithm as specified in Section 2.1. 8 Key Derivation Functions (KDF)The following sections outline the KDF that we recommend for the derivation of cryptographic keys from key-establishment or pre-shared secrets, used for protecting UNCLASSIFIED, PROTECTED A and PROTECTED B information. 8.1 One-Step KDFWe recommend the One-Step Key Derivation Function (KDF) as specified in NIST SP 800-56C Revision 2: Recommendation for Key Derivation Methods in Key-Establishment Schemes Footnote 22. 8.2 Two-Step KDFWe recommend the Two-Step Extraction-then-Expansion Key Derivation procedure as specified in NIST SP 800-56C Revision 2: Recommendation for Key Derivation Methods in Key-Establishment Schemes Footnote 22. Note that the Transport Layer Security version 1.3 (TLS 1.3) protocol uses this KDF. 8.3 Key derivation using pseudorandom functionsWe recommend the KDFs using Pseudorandom Functions (PRFs) as specified in NIST SP 800-108: Recommendation for Key Derivation Using Pseudorandom Functions Footnote 23. 8.4 Internet Key Exchange version 2 (IKEv2) KDFWhen used in the context of the Internet Key Exchange version 2 (IKEv2) protocol, we recommend the IKEv2 KDF as specified in NIST SP 800-135 Revision 1: Recommendation for Existing Application-Specific Key Derivation Functions Footnote 24. 8.5 Transport Layer Security version 1.2 (TLS 1.2) KDFWhen used in the context of the Transport Layer Security version 1.2 (TLS 1.2) protocol, we recommend the TLS 1.2 KDF as specified in NIST SP 800-135 Revision 1: Recommendation for Existing Application-Specific Key Derivation Functions Footnote 24. 8.6 Secure Shell (SSH) KDFWhen used in the context of the Secure Shell (SSH) protocol, we recommend the SSH KDF as specified in NIST SP 800-135 Revision 1: Recommendation for Existing Application-Specific Key Derivation Functions Footnote 24. 8.7 Secure Real-time Transport Protocol (SRTP) KDFWhen used in the context of the Secure Real-time Transport Protocol (SRTP), we recommend the SRTP KDF as specified in NIST SP 800-135 Revision 1: Recommendation for Existing Application-Specific Key Derivation Functions Footnote 24. 8.8 Trusted Platform Module (TPM) KDFWhen used in the context of a Trusted Platform Module (TPM) session, we recommend the TPM KDF as specified in NIST SP 800-135 Revision 1: Recommendation for Existing Application-Specific Key Derivation Functions Footnote 24. 8.9 Password-Based Key Derivation Function (PBKDF)We recommend the Password-Based Key Derivation Function (PBKDF) as specified in NIST SP 800-132: Recommendation for Password Based Key Derivation: Part 1: Storage Applications Footnote 25 for protecting data on storage devices. 9 Key wrap modes of operationThe following sections outline the key wrap modes of operation that we recommend for key wrapping to protect the confidentiality and integrity of cryptographic keys used for protecting UNCLASSIFIED, PROTECTED A and PROTECTED B information. 9.1 AES Key Wrap (KW)We recommend the AES Key Wrap (KW) mode as specified in NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping Footnote 26. 9.2 AES Key Wrap with Padding (KWP)When input is not a multiple of 64-bits, we recommend the AES Key Wrap with Padding (KWP) mode as specified in NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping Footnote 26. 9.3 Triple Data Encryption Algorithm Key Wrap (TKW)We no longer recommend the Triple Data Encryption Algorithm Key Wrap (TKW) mode as specified in NIST SP 800-38F: Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping Footnote 26, which was previously approved with a key length of 168 bits. TKW with a key length of 168 bits should be phased out by the end of 2023. 10 Deterministic Random Bit Generators (DRBGs)We recommend the following Deterministic Random Bit Generators (DRBGs) as specified in NIST 800-90A Revision 1: Recommendation for Random Number Generation Using Deterministic Random Bit Generators Footnote 27 for producing random bits for cryptographic applications that protect UNCLASSIFIED, PROTECTED A, and PROTECTED B information:
11 Commercial technologies assurance programsIn addition to using the cryptographic algorithms, parameters, and key lengths recommended in this document to ensure a suitable level of cryptographic security, we recommend the following with respect to implementation assurance programs:
Products containing cryptographic modules validated under the CMVP are referenced on CMVP module validation lists and are accompanied by a vendor-supplied, non-proprietary security policy document (see Selecting a CMVP validated product). The security policy document specifies the cryptographic security provided by a module and describes its capabilities, protection, and access controls. We recommend using the security policy document to select suitable cryptographic security products and to configure those products in FIPS Approved Mode of Operation as defined in Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program Footnote 31 to ensure that only the Cyber Centre recommended algorithms are used. 12 Preparing for post quantum cryptographyQuantum computers threaten to break the public key cryptosystems and weaken the symmetric cryptosystems that we currently use. Although quantum technologies are not yet powerful enough to break the cryptography recommended in this publication, there is significant research in the area. In 2016, NIST initiated a process to solicit, evaluate, and standardize quantum-resistant public-key cryptographic algorithms. The process is still underway, but all candidate algorithms are significantly different from current public key cryptosystems and the transition will require major software and hardware changes to current IT systems. NIST is expecting to finalize standards by 2024. We will update the guidance in this document to address the quantum threat once standards are available. In the meantime, we recommend the following high-level steps:
For more detailed information on how to prepare, see Preparing your organization for the quantum threat to cryptography (ITSAP.00.017) Footnote 32. Organizations should wait until standards for quantum-resistant public-key encryption and signature schemes are finalized before using any candidate algorithm to protect information or systems. 13 SummaryCryptography provides security mechanisms which can be used to protect the authenticity, confidentiality, and integrity of sensitive information. Several algorithms may be required to satisfy security requirements, and each algorithm should be selected and implemented to ensure these requirements are met. This publication provides guidance on the use of the Cyber Centre recommended cryptographic algorithms to protect UNCLASSIFIED, PROTECTED A, and PROTECTED B information. 13.1 Contacts and assistanceFor more detailed information on Cryptographic Algorithms for UNCLASSIFIED, PROTECTED A, and PROTECTED B information, please contact: Telephone: 613-949-7048 or
1‑833‑CYBER‑88 14 Supporting content14.1 List of abbreviationsAESAdvanced Encryption StandardCAVPCryptographic Algorithm Validation ProgramCBCCipher Block ChainingCDHCofactor Diffie-HellmanCCMCipher Block Chaining Message Authentication CodeCFBCipher FeedbackCMACCipher-based Message Authentication CodeCMVPCryptographic Module Validation ProgramCSCiphertext StealingCSECommunications Security EstablishmentCTRCounterDHDiffie-HellmanDRBGDeterministic Random Bit GeneratorDSADigital Signature AlgorithmECBElectronic CodebookECCElliptic Curve CryptographyECDSAElliptic Curve Digital Signature AlgorithmFFCFinite Field CryptographyFIPSFederal Information Processing StandardsGCGovernment of CanadaGCMGalois/Counter ModeGMACGalois/Counter Mode Message Authentication CodeHMACKeyed-Hash Message Authentication CodeIETFInternet Engineering Task ForceIKEInternet Key ExchangeITInformation TechnologyITSInformation Technology SecurityITSGInformation Technology Security GuidanceITSPInformation Technology Security Guidance for PractitionersKDFKey Derivation FunctionKWKey WrapKWPKey Wrap with PaddingMACMessage Authentication CodeMQVMenezes-Qu-VanstoneNISTNational Institute of Standards and TechnologyOFBOutput FeedbackPRFPseudorandom FunctionRFCRequest for CommentsRSARivest Shamir AdlemanSHASecure Hash AlgorithmSPSpecial PublicationSRTPSecure Real-time Transport ProtocolSSHSecure ShellTBSTreasury Board of Canada SecretariatTDEATriple Data Encryption AlgorithmTKWTripe Data Encryption Algorithm Key WrapTLSTransport Layer SecurityTPMTrusted Platform ModuleTRAThreat and Risk Assessment14.2 GlossaryTermDefinitionAuthenticationA measure designed to provide protection against fraudulent transmissions or imitations by establishing the validity of a transmission, message, or originator.AuthenticityThe state of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.AvailabilityThe state of being accessible and usable in a timely and reliable manner.Classified InformationInformation related to the national interest that may qualify for an exception or exclusion under the Access to Information Act or Privacy Act and the compromise of which could reasonably be expected to cause injury to the national interest.ConfidentialityThe state of being disclosed only to authorized principals.Cryptographic Algorithm Validation Program (CAVP)A program that is used to validate the functional correctness of the cryptographic algorithms implemented in the cryptographic module.Cryptographic Module The set of hardware, software, and/or firmware that implements cryptographic security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.Cryptographic Module Validation Program (CMVP)A joint NIST and Cyber Centre program that is used to validate cryptographic modules to FIPS 140-3 Security Requirements for Cryptographic Modules, and other NIST cryptographic standards and recommendations. The CMVP has transitioned from FIPS 140-2.CryptographyThe discipline that treats the principles, means, and methods for making plain information unintelligible. It also means reconverting the unintelligible information into intelligible form.DecryptionA process that converts encrypted data into plain form by reversing the encryption process.Deterministic Random Bit Generator (DRBG)A Random Bit Generator (RBG) produces a sequence of bits (0 or 1) which appear statistically independent and unbiased. Given the same input “seed”, a Deterministic RBG always produces the same output sequence (National Institute of Standards and Technology, June 2015).Digital SignatureA cryptographic transformation of data which provides the service of authentication, data integrity, and signer non-repudiation.EncryptionThe transformation of readable data into an unreadable stream of characters using a reversible coding process. Federal Information Processing Standards (FIPS) Publication 140-3Specify the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting Protected information. The requirement covers eleven functionality areas related to the design and implementation of a cryptographic module.Hash AlgorithmA procedure to transform a message of arbitrary length into a “digest” of fixed length. A secure (cryptographic) hash algorithm should satisfy additional properties, such as “collision resistance”, whereby it is infeasible to find distinct messages with the same digest.IntegrityThe accuracy and completeness of information and assets and the authenticity of transactions.Key Derivation FunctionA transformation of secret (as well as possibly non-secret) data into cryptographically strong secret keys.Key EstablishmentA procedure by which multiple participants create or obtain shared secrets, such as cryptographic keys.Key ManagementProcedures and mechanisms for generating, disseminating, replacing, storing, archiving, and destroying keys which control encryption or authentication processes.Key WrapA mode of operation used to encrypt cryptographic keys, as well as provide for their authenticity and integrity.Message Authentication CodeA fixed-length tag used to verify the authenticity and integrity of a message.Mode of OperationA procedure for using an encryption algorithm, sometimes for a specific purpose (such as Key Wrap).Non-repudiationA measure designed to provide protection against an individual falsely denying having performed an action.14.3 ReferencesWhat hashing algorithm is recommended for the protection of sensitive information?Explanation: MD5 and SHA are the two most popular hashing algorithms.
Which of the following protocols would you use to provide security for employees that access an organization's systems remotely from home?Employees working remotely should use a VPN.
What are three types of sensitive information choose three?There are three main types of sensitive information:. Personal Information. Also called PII (personally identifiable information), personal information is any data that can be linked to a specific individual and used to facilitate identity theft. ... . Business Information. ... . Classified Information.. Which of the following technologies can be used to ensure data confidentiality?Data Encryption
Encryption is viewed as one of the most reliable ways to keep your data confidential at rest, in transit, or when processing real-time analytics. Data encryption uses algorithms to encode data into an unreadable format that needs an authorized key for decryption.
|
