Hi All,

Greetings for the day!!!

We are continuing discussing security related concepts and preparing study material for exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals

In last three articles we discussed

• Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining few terms related to Security – Part 1
• Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining defense in depth concept – Part 2
• Preparing exam SC – 900 – Microsoft Security, Compliance, and Identity Fundamentals – Explaining Zero Trust model concept – Part 3

In this article we will discuss two more important concepts – Encryption and Hashing

Take away from this article

• What is Encryption
• Types of Encryption
• What is Hashing

These both the techniques – Encryption and Hashing are used to protect our data from cybercriminals

Encryption

• Encryption is one of the approach to mitigate cybersecurity threats
• We encrypt the data so that unauthored users / viewers cant read data
• To read encrypted data we need to decrypt it and it requires secret key
• Encryption maintain the confidentiality of the data
• Encrypted data also known as ciphertext
• Types of encryption
  • Symmetric
  • Asymmetric
• Symmetric encryption
  • In Symmetric encryption we use the same key to encrypt or decrypt data

• Asymmetric encryption
  • In Asymmetric encryption we use the pair of keys to encrypt or decrypt data
  • Once we encrypted data to encrypt we need paired key to decrypt data

• We could encrypt our data at several levels like
  • Encryption for Data at REST
    • We will store encrypted data irrespective where it stored – in database / storage account
    • Data is in unreadable format and to decrypt we need secret key
    • Without encryption keys data wont be decrypted. It will be in unreadable format
    • Example
      • Files which we uploaded in SharePoint Online, OneDrive for business, messages and attachments in MailBox
  • Encryption for Data in Transit
    • Data in Transit means when data is in transfer state
    • Data is being transferred either over Internet or in our private network
    • This can be handled at different layers
    • One approach is encrypting data at application layer before sending it to Network
    • HTTPS is one of the example of encryption in Data in Transit
    • Example
      • Email communication in Microsoft365
      • Conversation in meetings
  • Encryption for Data in Use
    • Securing data when data is processed
    • This means securing data is non-persistent storage like RAM or CPU caches
    • One of the approach is use of technologies like Enclave
• Example
  • With Microsoft 365, data is encrypted at rest and in transit
  • Using several strong encryption protocols, and technologies which includes Transport Layer Security/Secure Sockets Layer (TLS/SSL), Internet Protocol Security (IPSec), and Advanced Encryption Standard (AES).

Hashing

• Hashing is the concept of converting plain text to some hash value
• To convert plain text to hash value, hashing algorithms are used
• Hashing technology focuses on to maintain the integrity of the data
• Hashing is used to store passwords
  • Hash is created for stored password using some hash algorithm
  • When user enters password same algorithm is used to create the hash of the entered password
  • If both the hash values are matches the entered password is correct
  • This is the secured way to store the passwords rather storing plain text passwords
• Some of Hashing Algorithms
  • MD4 / MD5
  • SHA

Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂