File encryption protects individual files or file systems by encrypting them with a specific key, making them accessible only to the keyholder. The goal is to prevent malicious or unauthorized parties from accessing files that are stored on the disk. Support for file encryption can be built into an operating system or file system. A decryption key allows access to the sensitive files. File encryption is helpful if a user needs to send individual files securely over the internet or store them on a removable device such as a USB stick. A file in transit is sometimes referred to as data in motion.
Cryptography and file encryption
Cryptography, the practice of encrypting and decrypting sensitive data, takes two forms: asymmetric or public-key cryptography, and symmetric cryptography. Asymmetric cryptography uses a generally known public encryption key, allowing anyone with the public key to encrypt data. However, only users with the private key can decrypt the data, which creates greater security. Symmetric cryptography uses a single key for encryption and decryption.
Full disk encryption, on the other hand, secures an entire disk or drive but doesn’t encrypt individual files within the disk. It’s wise to use file encryption and full disk encryption simultaneously for extra security, so that both your hard drive and your individual files are protected.
Some companies are encrypting their sensitive data in the cloud, but they’re the minority. Storing encrypted files in cloud applications can be more complicated. However, IT professionals believe the cloud will become more important, which may mean more encrypted file storage in cloud applications.