Is Your Direct Mail Vendor Handling Your Data Correctly? Encryption
Streamowrks Blog
During the quest to find the best direct mail vendor for your needs, you'll undoubtedly look at the services offered.
For example, does the vendor have intelligent inserting capabilities? How about mail tracking?
Have they mastered modern digital marketing techniques like email campaigns and postal remarketing so you can amplify and extend the reach of your direct mail?
These are essential areas to assess.
But if there's one area that shouldn't be an afterthought, it's security. It might be the most crucial factor to evaluate first, depending on the types of data you'll be sharing (HIPAA-covered information, for example).
Therefore it's vital to ask if your direct mail vendor is handling your data correctly. If you haven't scrutinized the vendor's security practices, the answers could shock you.
One of the correct data-handling tenets is the appropriate use of encryption.
In this article, let's define encryption, discuss two kinds (and a few algorithms), and reveal where Streamworks uses encryption to protect your data.
What is encryption?
We use encryption every day in our modern digital society, even if we don't realize it.
It's built into our phones, coded in websites and cloud services, and integrated into our apps, yet we don't spend too much time thinking about it.
That said, a good definition of encryption comes from NIST (the National Institute of Standards and Technology):
Encryption is the cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used.
Types of Encryption
To make the encryption process possible, you need data and at least two other things: keys and algorithms. We'll talk about encryption algorithms a bit later.
There are mainly two encryption methods depending on how the keys are applied: symmetric-key encryption and asymmetric encryption.
Symmetric-key encryption uses a single key for both encryption and decryption. It's a fast and efficient process, but if you want to share the encrypted data, you'll also have to share the secret key.
Sharing the secret key is a problem because if you don't share it securely and safely, the secrecy of your data is at risk.
In contrast, asymmetric encryption (also known as public-key encryption) involves multiple keys for the encryption and decryption process.
In this method, the user generates both a public key and a private key. The private key is always kept secret and is never shared. The public key is shared with no risk of compromising the encrypted data.
The math is complex, but only its matching private key can decrypt the data once the public key encrypts it.
Asymmetric encryption is slower and more resource-intensive than symmetric key encryption. As such, modern implementations combine both methods to take advantage of the strengths of each process.
Algorithms
Let's go back to encryption algorithms. As mentioned, you need data plus keys and algorithms to make the encryption process possible.
An algorithm is a mathematical procedure for performing encryption on plaintext. When you combine the plaintext with the key(s) and run both through a specific encryption algorithm, you'll get encrypted data (ciphertext) out.
Symmetric and asymmetric encryption methods each have their own sets of different possible algorithms.
To keep things simple, the Advanced Encryption Standard with a key length of 256 bits, or AES-256 for short, is the most popular symmetric-key algorithm.
Likewise, two widely-used asymmetric-key algorithms are RSA-2048 and RSA-4096 (developed by Ron Rivest, Adi Shamir, and Leonard Adleman, hence "RSA") with key lengths of 2048 and 4096 bits respectively.
How Streamworks Uses Encryption to Protect Your Data
Now that we understand encryption basics better, where does Streamworks use encryption technology to protect your data?
Let's focus on the three main areas you should be most concerned about:
1. Transport encryption
2. File encryption
3. Encryption-at-rest
When we speak of transport encryption, we're talking about the encryption methods used when transferring data across public, untrusted networks like the Internet.
Streamworks employs encryption at the transport level through our secure file transfer (SFTP) system, SSL/TLS web connections, and encrypted email.
While modern transport encryption protocols are secure, it's vital to "double-up" on the encryption before moving your files across the Internet to us.
As a result, we support (and recommend) file encryption methods like PGP before sending files.
Even if a secure transport method is compromised or unavailable, file encryption standards like PGP protect your files (and emails) from unauthorized access. You may have heard this referred to as “end-to-end” encryption.
Lastly, Streamworks encrypts data-at-rest in its hosted environment.
Per our documented security policies (including a dedicated encryption policy), we classify all client data as confidential. Therefore all Client Confidential data-at-rest is encrypted while in our care.
Conclusion
You now have a working knowledge of encryption! You learned what it is, the methods and algorithms used, and how Streamworks implements encryption protocols to protect your data during transport, as a file (or email), and at rest.
Is your direct mail vendor handling your data correctly? Work with us, and you can confidently answer, "Yes!"
Wondering if your marketing meets today’s tough data security standards? Sign up for a FREE 1-hour assessment with one of our secure mail experts to see if Streamworks is the right partner for you.