Security Corner

Jun 5 2010   12:58AM GMT

If Encryption Is The Magic Bullet, Why Doesn’t Everyone Use It?



Posted by: Ken Harthun
Tags:
data breach
DataManagement
Encryption
secrurity practice
Secure Computing

Data breaches are all too frequent these days. These headlines from The Register are just a few examples:

Hack on e-commerce co. exposes records for 200,000

Swiss HSBC data breach victim count trebles

London council loses thousands of kids’ details

Shell hit by massive data breach

Now, I ask you: If the stolen data had been encrypted, none of these incidents would be of much concern, would they? Certainly not; the data would be useless to the thieves because it would be just so much white noise. So, this being the case, why isn’t all sensitive data everywhere encrypted? For that matter, just encrypt everything all the time. Unfortunately, it’s not quite that simple.

Encryption adds processing overhead. Encryption key security is an issue. Systems that need to access the encrypted data need access to the key.  Then there’s the danger of forgetting or losing the encryption key thereby rendering the data completely useless. None of these issues is a good reason not to use encryption; however, they do present challenges that make broad use of encryption difficult to implement in large organizations.

Short of encrypting every hard drive everywhere (which would be a major nightmare to implement), at least every database that contains any sensitive information should be stored on encrypted partitions or drives.

So why isn’t everyone doing it?

Comments, please.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Rogermark
    Weak encryption is an open invitation to hackers to steal confidential information and impersonate as legitimate users. Encryption standards evolve with change in the threat profile and reported breach of existing standards. Organizations have to keep track of the changes in the encryption standards and prevent unauthorized access and leakage of sensitive information. Hiring IT security experts such as [A href="http://www.eccouncil.org"]ceh[/A] can help in understanding the weaknesses and making necessary updates and amendments. While encryption involves cost involvements, organizations cannot afford to compromise on security.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: