If Encryption Is The Magic Bullet, Why Doesn’t Everyone Use It?

Data breaches are all too frequent these days. These headlines from The Register are just a few examples:

Hack on e-commerce co. exposes records for 200,000

Swiss HSBC data breach victim count trebles

London council loses thousands of kids’ details

Shell hit by massive data breach

Now, I ask you: If the stolen data had been encrypted, none of these incidents would be of much concern, would they? Certainly not; the data would be useless to the thieves because it would be just so much white noise. So, this being the case, why isn’t all sensitive data everywhere encrypted? For that matter, just encrypt everything all the time. Unfortunately, it’s not quite that simple.

Encryption adds processing overhead. Encryption key security is an issue. Systems that need to access the encrypted data need access to the key.  Then there’s the danger of forgetting or losing the encryption key thereby rendering the data completely useless. None of these issues is a good reason not to use encryption; however, they do present challenges that make broad use of encryption difficult to implement in large organizations.

Short of encrypting every hard drive everywhere (which would be a major nightmare to implement), at least every database that contains any sensitive information should be stored on encrypted partitions or drives.

So why isn’t everyone doing it?

Comments, please.