Implementations of Business Cryptography

Transport Layer Security (TLS) encryption uses cryptographic techniques to ensure that communications between two points or two parties are authenticated and secure. Many organizations use TLS for secure communications, including Internet applications and virtual private networks (VPNs). When remote-access employees need to reach specific tools over the Internet, TLS may be used to secure the transmission of data both through Internet applications and VPNs.

Cryptography can be used for encrypting data at rest and data in motion for various business requirements. Examples of cryptography for business purposes are:

  • Encrypting hard drives as a preventive measure in case a laptop or other mobile device is stolen. An organization may choose to encrypt the hard drive to ensure that if the hard drive is removed, the data cannot be read. The organization may choose to require a password during bootup as well. This ensures that the data cannot be read without authenticating the user of the device.
  • Encrypting removable devices such as universal serial bus (USB) drives. Reading data from, or removing data from, an encrypted removable drive requires authentication by the drive's owner.
  • Encrypting instant messaging communication that occurs with users inside or outside of the network. This ensures that any information that is shared via this mode of communication cannot be read by an attacker.
  • Encrypting file transfers within and outside of the network. This protection secures the data when transmitting outside of the network. It will also provide an extra layer of security even if the network is considered secure.
  • Encrypting highly sensitive data such as customer data, credit card information, Social Security numbers, or any data that can cause harm when in the wrong hands.
  • Encrypting information on mobile devices, such as smartphones and tablets, which are highly susceptible to loss or theft.

There are many different standards that businesses can follow. The Payment Card Industry Data Security Standard (PCI DSS), for example, requires the protection of consumers’ credit card data. One of the PCI DSS requirements is to encrypt the data or file share on which the information resides.

Businesses use cryptography to secure email and in protocols such as TLS and Internet Protocol Security (IPSec). One example of securing email is Secure/Multipurpose Internet Mail Extensions (S/MIME), a standard for encrypting and digitally signing email. S/MIME also provides secure data transmission by encrypting emails and their attachments. MIME is the official standard that defines how the body of an email is structured. The MIME format allows email to carry attachments via MIME-compliant mail systems; these attachments can be audio or video clips, enhanced text, graphics, and so on. MIME provides no security; therefore, S/MIME was proposed.

NOTE

Encrypting an email protects data as they travel between the sender and the receiver.

The use of S/MIME is illustrated in the following example, in which Alice is preparing an email for Bob. Alice wants to encrypt and digitally sign the email, so she performs the following steps:

  1. Alice generates a secret key for one-time use. This key can also be referred to as a “session key.”
  2. Alice uses the session key to encrypt the email that she intends to send to Bob.
  3. Alice encrypts the session key with Bob’s public key.
  4. Alice digitally signs the email and sends the email package to Bob.
  5. Bob receives Alice’s email and decrypts the encrypted session key with his private key. He uses the session key to decrypt Alice’s encrypted email.

In order to send digitally signed and/or encrypted email, valid, appropriate certificates must be loaded into the email client.
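The five steps above, carried out in Go as an added illustration (not code from the original text): AES-256-GCM for the one-time session key, RSA-OAEP to wrap that key for Bob, and RSA-PSS for Alice's signature over the whole package. Those cipher choices, and the raw RSA key pairs that stand in for the certificates an email client would hold, are assumptions of the example; real S/MIME additionally wraps these pieces in CMS structures, which the example leaves out.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is the package Alice sends Bob: GCM nonce, ciphertext, wrapped session key, signature.
type Envelope struct{ Nonce, Body, WrappedKey, Sig []byte }

// digest is what Alice signs; covering all three parts lets Bob reject tampering before decrypting.
func digest(e *Envelope) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{e.Nonce, e.Body, e.WrappedKey}, nil))
	return h[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(blk)
}

// Seal is Alice's side (steps 1-4): session key, encrypt the body, wrap the key, sign.
func Seal(msg []byte, alice *rsa.PrivateKey, bobPub *rsa.PublicKey) (*Envelope, error) {
	buf := make([]byte, 32+12) // step 1: one-time AES-256 session key, plus a 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil { return nil, err }
	key, e := buf[:32], &Envelope{Nonce: buf[32:]}
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	e.Body = gcm.Seal(nil, e.Nonce, msg, nil) // step 2: encrypt the email body under the session key
	e.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, key, nil) // step 3: only Bob's private key can unwrap
	if err != nil { return nil, err }
	e.Sig, err = rsa.SignPSS(rand.Reader, alice, crypto.SHA256, digest(e), nil) // step 4: Alice signs the package
	return e, err
}

// Open is Bob's side (step 5): verify Alice's signature, unwrap the session key, decrypt.
func Open(e *Envelope, bob *rsa.PrivateKey, alicePub *rsa.PublicKey) ([]byte, error) {
	if err := rsa.VerifyPSS(alicePub, crypto.SHA256, digest(e), e.Sig, nil); err != nil { return nil, err }
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bob, e.WrappedKey, nil)
	if err != nil { return nil, err }
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	return gcm.Open(nil, e.Nonce, e.Body, nil) // GCM's tag is a second integrity check on the body
}
```

Because the signature is checked first, a package whose body or wrapped key was altered in transit is rejected before Bob's private key is used on it, and a wrapped key decrypted with any key other than Bob's fails at the OAEP step.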

Distribution

Distribution of keys within an organization is a vital part of key management. You need to ensure the keys are safe and distributed securely. Some organizations choose to outsource these services, which shifts the risk of using the wrong resources or implementing the wrong system controls to providers who specialize in the technology. However, outsourcing is not always a good option because of the expense involved, especially if there are many systems, communication paths, or files that need to be encrypted within an organization.

In-House Key Management Versus Outsourced Key Management

Determining whether key management should be done in-house or outsourced requires much consideration. There is a large amount of risk associated with key management in terms of security, quality, and availability of resources; cost; and other factors. Some considerations regarding in-house versus outsourced key management are:

  • Total cost associated with IT resources and knowledge. Can an organization afford to manage the infrastructure by itself? Will there be appropriate resources available locally to hire, and can the organization afford this resource? Is an organization willing to take on this risk and able to afford to keep training personnel and managing development as the organization grows?
  • Managing the keys in-house requires an organization to manage the service level agreements with various business units. Can in-house management ensure the system will be running and functioning correctly 24/7? If disaster occurs, does an organization have the appropriate means to recover in-house?
  • Can an organization trust an outsourced key management provider? Does this provider have the appropriate resources on-site? Has the provider done necessary background checks on its employees? How can an organization be sure the provider’s employees will not provide unauthorized access to resources at the provider’s facility?
  • What level of support can the outsourced entity provide? Can it grow with the organization? Can the outsourcer provide appropriate help desk support? Is the outsourcer willing to work with the organization in all situations?

NOTE

Organizations may choose to outsource key management or manage keys internally. While internal key management provides a greater degree of control over key distribution, outsourcing may have significant financial benefits.

Choosing the appropriate resources from in-house or outsourced key management services is a risky process. Some organizations are uncomfortable with managing such a vital part of security in their own infrastructure. Some feel that leaving this responsibility to providers who know the technology and specialize in its capabilities is more beneficial to them no matter what the cost. Others may feel the opposite and decide that leaving such an important security measure in someone else’s hands is not worth the risk. Both options are correct for various types of businesses. The process should be carefully planned because changing direction after initial implementation can cause problems.
