暗号化とは何か？ | IBM

What is encryption? | IBM What is encryption? What is encryption? Encryption is the process of transforming readable plain text into unreadable ciphertext to mask sensitive information from unauthorized users. Organizations regularly use encryption in data security to protect sensitive data from unauthorized access and data breaches . Encryption works by using encryption algorithms to scramble data into an indecipherable format. Only the authorized parties with the right secret key, known as the decryption key, can unscramble the data. Encryption can protect data at rest, in transit and while being processed, regardless of whether the data is in a computer system on-premises or in the cloud. For this reason, encryption has become critical to cloud security efforts and cybersecurity strategies more broadly. According to the IBM® 2025 Cost of a Data Breach report , organizations that use encryption can reduce the financial impact of a data breach by over USD 200,000. Encryption is also increasingly necessary to comply with regulatory requirements and standards like PCI DSS and the GDPR. Investment in encryption is growing as individuals and organizations face escalating threats and cyberattacks . According to recent estimates, the global encryption software market will reach USD 20.1 billion by 2025 , with a compound annual growth rate of 15.1% from 2020 to 2025. Also, artificial intelligence (AI) has changed the encryption landscape. Specifically, organizations are exploring how AI can help optimize key management and enhance encryption algorithms. The latest tech news, backed by expert insights Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement . Thank you! You are subscribed. Why encryption is important Encryption has evolved significantly over time. Early instances of cryptography and techniques resembling encryption date back to ancient civilizations such as the Egyptians and Mesopotamians. Encryption was later popularized in wartime and espionage efforts and famously associated with the Enigma Machine, a World War II encryption device that was used by the Germans to encode secret messages. Today, encryption is critical in safeguarding sensitive data, especially as organizations transition to the cloud or employ hybrid cloud environments. This shift often leads to data complexity, including data sprawl and expanding attack surfaces. As a result of this data complexity, data breaches can become more costly and more frequent. According to the Cost of a Data Breach report, the global average cost to remediate a data breach in 2025 was USD 4.44 million. With encryption, organizations can deter or mitigate the severity of data breaches. This is achieved by ensuring that hackers can’t access their most sensitive data, including social security numbers, credit card numbers and other personally identifiable information (PII) . Organizations, particularly those in healthcare and financial services, also use encryption to meet compliance standards. For example, the Payment Card Industry Data Security Standard (PCI DSS) mandates that merchants encrypt the customer payment card data they handle. Similarly, the General Data Protection Regulation (GDPR) highlights encryption as a critical measure for safeguarding personal data against unauthorized access or disclosure. Still, it's not just organizations demanding encryption. Users increasingly seek the peace of mind encryption brings. Signal, a messaging app that uses end-to-end encryption , reported a jump from 12 million to 40 million users in 2022 amid concerns over WhatsApp's privacy policies and data-sharing practices. In recent years, modern encryption algorithms have largely replaced outdated standards like the Data Encryption Standard (DES). New algorithms not only mask data but also support key information security principles such as integrity, authentication and nonrepudiation. Integrity ensures that unauthorized parties do not tamper with data, authentication verifies data origins and nonrepudiation prevents users from denying legitimate activity. Current trends in encryption focus on enhancing encryption algorithms and protocols to keep pace with evolving cyberthreats and technologies. Quantum encryption uses principles of quantum mechanics to create cryptographic keys that are theoretically immune to brute-force attacks. Homomorphic encryption allows organizations to perform computations on encrypted data without requiring decryption. This approach means that organizations can use sensitive data for things like AI model training and analysis without compromising confidentiality or individual privacy. Security Intelligence | 29 April, episode 31 Your weekly news podcast for cybersecurity pros Whether you're a builder, defender, business leader or simply want to stay secure in a connected world, you'll find timely updates and timeless principles in a lively, accessible format. New episodes on Wednesdays at 6am EST. Watch the latest podcast episode Types of data encryption: asymmetric versus symmetric The two main types of encryption are: Symmetric encryption: Encrypts and decrypts data by using a secret symmetric key that is shared by all the parties that are involved in a transaction. Asymmetric encryption (also known as public key encryption and public key cryptography ): Encrypts and decrypts data by using two different keys. Anyone can use the public key to encrypt data, but only the holders of the corresponding private key can decrypt that data. Both methods have their strengths and weaknesses. Symmetric encryption is faster and more efficient. However, it also requires meticulous key management because anyone who obtains the symmetric key can decrypt the data. Asymmetric encryption, though slower due to its complexity, offers more robust security by eliminating the need for a secure key exchange. One of the most versatile and well-known solutions for managing asymmetric encryption is a public key infrastructure (PKI). A PKI provides a comprehensive framework for secure communication and authentication, enabling the creation, distribution and validation of public and private key pairs. PKI can help secure various applications, including email, digital signatures and SSL/TLS encryption for web browsing. Organizations generally choose symmetric encryption when speed and efficiency are crucial, such as when encrypting large volumes of data or securing communication within a closed system. When secure communication between parties over insecure channels is essential, such as online transactions, email encryption and digital signatures, organizations might lean on asymmetric encryption. How does data encryption work? Encryption begins by identifying the sensitive information that requires protection. This information can be messages, files, photos, communications or other data. This data exists in plain text format, the original, readable form that needs safeguarding. Encryption algorithms transform this plain text into ciphertext by scrambling the data into an unreadable sequence of characters. This process ensures that only the intended recipient(s) can read the original data. Next, encryption keys are created. An encryption key is like a complex code that is needed to unlock a safe. Without the correct cryptographic key, you cannot access the encrypted data. A longer key size provides higher security by making the decryption process exponentially more complex. In symmetric encryption (see "Types of data encryption”), a single shared key is used for encryption and decryption. In asymmetric encryption (see "Types of data encryption”), two keys are created: a public key for encryption and a private key for decryption. For those without a decryption key, encrypted messages are virtually impossible to decipher. However, users with the decryption key can successfully decrypt the data, essentially reversing the encryption process and converting the ciphertext back into unencrypted, readable plain text. Decryption can also involve an authentication stage, where decrypted data is verified to ensure its integrity and authenticity. This step may include verifying digital signatures, hash functions (see next section) or other forms of authentication to confirm that the data has not been tampered with during transmission. Hash functions Hash functions are closely related to encryption, but these tools address distinct security problems. Hash functions are a type of cryptographic algorithm that is primarily used for data integrity and authentication. They work by taking an input (or message) and producing a fixed-size string of characters, which are known as a hash value or hash code . Their defining feature is their deterministic nature. Given the same input, a hash function will always produce the same output. This process makes them critical for verifying data integrity. Users can compare hash values before and after transmission or storage. If the hash values match, no one has altered the data. While encryption is a reversible process, hash functions are irreversible. It is computationally infeasible to derive the original input data from its hash value alone. For this reason, the primary purpose of hash functions is not to mask sensitive data but to create unique digital fingerprints that cybersecurity professionals can use to verify data integrity and authenticity. Encryption key management Key management is critical for effective data encryption. To understand why, consider the example of a safe. If an individual forgets their code to a safe or it ends up in the wrong hands, they risk losing access to their most valuable possessions or having them stolen. The same logic applies to cryptographic keys. If organizations don't properly manage their keys, they can lose the ability to decrypt and access data or expose themselves to data breaches. For this reaso