I found an interesting article on Slashdot that offers an interesting perspective on all of the hoopla over the recent scares in IT regarding data theft and storage (looking at you, Mr. NSA): don’t try to implement more encryption.
The basic idea is to not look for solutions that add more security to your environment, because with the way things are now it’s not infeasible that the government or some other body will look to persuade businesses to reduce the security in their products. A good example of this is HTTPS and browsers. Take the 3 biggest browsers in the market (Firefox, Chrome and IE), and imagine the government paying their vendors a large lump sum to pick HTTPS keys at random from a known dictionary.
This wouldn’t be your normal 300-word dictionary, however. This would span millions and millions of lines, and with a lot of products introducing cloud and *-as-a-service offerings, there’s no real way that we can tell this isn’t already occurring.
I’m not a conspiracy theorist either, so whether it is or isn’t are two different playing fields, but it should make you re-evaluate what these scares and controversies are really bringing to the table. My biggest complaint is that I’ve always lived by the mantra of “if you have nothing to hide, then don’t be afraid”.