Protecting Confidential Information As It Is Transferred

Encryption In Transit For Secure File Transfers

Data On The Move

What is Data In Transit?

Data in transit refers to data that is digitally transmitted from a sending device to a receiving device via a network. When communication channels transmit data from node to node without using encryption in transit, they expose it to a variety of threats.

These threats can consist of interception, eavesdropping, and hijacking, either at a node or in between nodes. Due to the prevalence of such threats, it is imperative that robust security measures are in place to protect data in transit.

Securely Moving Your Data

What Is Encryption In Transit?

Encryption in transit refers to the utilization of encryption security measures that reduce or completely negate the variety of threats that data in transit is susceptible to. By using encryption in transit, you ensure the safeguarding of your data, thereby preserving the integrity and confidentiality of the data during transmission. 

Unlike encryption at rest, which protects data while it sits on storage media such as cloud servers, encryption in transit protects data as systems send and receive it, that is, while the data is in motion.

The Threats To Unprotected Data Transmission

Why Is Encryption In Transit Important When File Sharing?

There are a multitude of threats to data in motion, which must be addressed to provide a secure file transfer service.

Eavesdropping: A bad actor will ‘listen’, sniff packets, and monitor communication taking place in a network. This is often the gateway to more malicious acts as mentioned next.

Packet Sniffing: An attacker monitors the communication taking place and captures the unprotected raw data, extracting personal and sensitive information.

Man-in-the-Middle (MitM): The attacker will present their device as a legitimate node in the network. As data passes through it, they can intercept, read, and alter the data.

Session Hijacking: An attacker will take control of your active session, thereby impersonating you and opening the door to all manner of unscrupulous behaviour.

DNS Spoofing: A bad actor will redirect you from the site you want to access to a fake server they control, which is often a recreated but malicious version of the desired site.

The Technologies That Protect Data In Motion

Protocols That Enable Encryption In Transit

Transport Layer Security (TLS)

The actual encryption protocol used to secure data in transit. It ensures that sensitive information such as login credentials and payment details cannot be intercepted or tampered with by malicious actors during

TLS (SSL) Certificates

A digital certificate that authenticates the legitimacy of the website and enables encrypted communication. Although still commonly referred to as SSL certificates, modern certificates actually use TLS and are part of the TLS protocol.

Hypertext Transfer Protocol Secure (HTTPS)

The secure version of HTTP. HTTPS uses TLS to encrypt data sent between your browser and a website’s server. It also helps protect against man-in-the-middle attacks by ensuring users are connecting to the intended website.

Filemail's Encryption Process To Protect Your Data

How Encryption In Transit Works

Filemail uses HTTPS with TLS 1.2 and AES-256 encryption algorithms to ensure secure file sharing. At Filemail, encryption in transit is not optional; it is a fundamental part of our robust cloud security posture. Whether you send large files, work-sensitive documents, or personal content, we secure your data from your device to the recipient. Here's how it works:

  1. The visitor connects to our site, triggering a TLS handshake.
  2. Filemail’s server sends a TLS certificate, which includes the domain name, public key, and the certificate authority (CA) that signed it.
  3. The browser validates the certificate to ensure the site is legitimate.
  4. Both parties agree on encryption settings, including key exchange methods.
  5. The system generates a shared session key and uses it to encrypt all data transferred during the session.
Servicing A Wide Array Of Industries

Compliant Secure File Transfer

A variety of regulations and mandates explicitly require that data in transit must be protected.

General Data Protection Regulation (GDPR)

Mandates the protection of personal data of citizens of the European Union. At Filemail, we fully comply with GDPR.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a US act that requires health organizations, personnel, and others who handle personal health information (PHI) to protect sensitive data.

Payment Card Industry Data Security Standard (PCI DSS)

Organizations that process financial transactions must protect credit card information.

FAQ

Customers Ask, We Answer

Encryption at rest refers to data not in motion, but rather data at rest, i.e. when stored on a server. By using a service that provides encryption at rest, your data is encrypted when stored on their servers, enabling them to provide secure cloud storage.

Yes, we do provide encryption at rest when you elect to use our end-to-end encryption functionality.

End-to-end encryption is the practice of using both encryption in transit and encryption at rest. This ensures security of your data from your device, through our cloud-based file transfer service, to your intended recipient.

To prevent unauthorized access to your files and ensure the integrity of your data, we use a variety of measures including antivirus scanning, password protection, and 2-factor authentication.

When encrypting data in transit, especially during file transfers, encryption keys are used to encrypt and decrypt the data. There are 2 types of encryption keys, categorized as symmetric and asymmetric.

  • Symmetric: One key is used. The sender and receiver use the same encryption key to encrypt and decrypt data.
  • Asymmetric: Two keys are used. The sender uses one key to encrypt the data and the receiver uses a different key to decrypt the data. One key is typically a public key, and the other a private key.

Encryption in flight is another term used for encryption in transit. They are exactly the same thing.