The National Institute of Standards and Technology, more widely known as NIST, is a non-regulatory agency within the United States Department of Commerce. While their goal is to encourage and facilitate innovation and industrial competitiveness within the U.S., most notably by finding ways to further measure science, technology, and standards, they affect many areas of your everyday life that you may not know about. Let’s look at their background, their implementation of the widely accepted Advanced Encryption Standard, and then take a look at how they are relevant to file sharing.
NIST: A Background
It’s overwhelming to think of the number of things that rely in some way on the standards and technologies created by NIST:
- Smart electric power grids
- Advanced nanomaterials
- Electronic health records
- Atomic clocks
- Computer chips
And that’s just a few! NIST was founded over 100 years ago in 1901. They carry out their mission through several programs, including the NIST laboratories that conduct research to advance our technology infrastructure, the Hollings Manufacturing Extension Partnership, which is a network of U.S. centers that provide business and technical help to smaller manufacturers so they can keep jobs, boost profits, and save both time and money, and the Baldridge Performance Excellence Program that encourages excellence among manufacturers, health care providers, nonprofits, and other industries, institutes outreach programs, and manages their yearly quality award that recognizes excellence and quality in performance.
As of 2015, NIST operated with a staggering $900-million budget and operated in two locations: Maryland and Colorado. They employ more than 3,000 people, including technicians, engineers, and support and administrative staff. They host more than 2,700 people from academic backgrounds, various industries, and government agencies, all of whom work with NIST staff. In addition, NIST has more than 1,300 manufacturing specialists and staff around the country.
AES: Some of NIST’s Best Work?
Advanced Encryption Standard (AES), which is also known as Rijndael, is a specification NIST set out for the encryption of electronic data almost 15 years ago in 2001. AES has been approved and adopted by the government of the United States and is in fact used worldwide. It supersedes the Data Encryption Standard (DES), which was first published all the way back in 1977. As you can imagine, it was time for an update.
The algorithm that’s described by AES is symmetric-key, which means that the same key is used when encrypting and decrypting data. NIST first announced it in the U.S. on November 26, 2001, which followed five years of a standardizing process where 15 designs competed against each other, were evaluated, and the best was chosen.
It was first chosen as the standard of the U.S. government in 2002, after the Secretary of Commerce approved it. It’s also a part of the ISO/IEC 18033-3 standard. It comes in numerous encryption packages and is the first open cipher that’s publically accessible to be approved by the National Security Agency (NSA) for top secret information, as laid out in the cryptographic model approved by the NSA.
How Secure is AES?
The fact that the NSA has approved AES for their classified documents is a good sign that it’s secure, but does the evidence back that up? It sure does. There have been successful attacks against AES, but only side-channel attacks. Side-channel means that the attacks were successful not because of flaws within AES, but rather because of flaws in the way it was implemented in specific events. As a result, the only way AES can be broken is if it’s not used correctly.
How do NIST and AES Affect SecureDrawer and eFileCabinet?
At eFileCabinet, SecureDrawer is the client portal we offer for the sharing of confidential information in a paperless environment. How does AES affect it? Put simply, SecureDrawer follows the protocols and standards set out by the latest AES updates. We take the security of every client seriously and there’s no question that only NSA-level security would do for the type of sensitive documents our clients trust us with.
The Importance of Security in a Paperless Environment
There are many advantages to moving toward a paperless system, including convenience, lower overhead costs, and the ability to compete in today’s technologically complicated marketplace. However, some organizations are understandably concerned about security. The reality is that AES encryption can make documents much more secure than storing them on site.
Consider first that documents stored in a physical location are always at risk of theft. It’s as simple as someone walking in and walking out with sensitive materials. It’s virtually impossible to ensure that only authorized people have access to files. On the other hand, eFileCabinet not only has role-based security that allows organizations to give access to only those who are authorized, but it also has audit trails that track who accesses a document and when.
Theft isn’t the only issue though – paperless file storage also protects files from being destroyed during environmental disasters, fires, or other issues. When you work with a company that constantly backs up your data your organization can rest assured that your documents are secure from virtually any events you can think of. At eFileCabinet, we take pride in bringing peace of mind to our clients by offering the best security measures available today.