The title of this post pretty much says it all. If you store sensitive data in a database you have to work under the assumption that someone is going to try and break into the system and steal that data. Thinking otherwise simply isn’t responsible as the developer and/or administrator of the system. By not encrypting your sensitive data, such as users logins and passwords you could easily enough end up like Yahoo! did on July 11, 2012 with the usernames and passwords of all of the customers of a service being posted on the Internet for all to see.
Not only was this breach a major embarrassment for Yahoo! but it is a potential nightmare for their customers. If those customers (there were a few hundred thousand in the list) use the same email address and password on other websites they’ve now had the username and password for those other services leaked as well.
Now I know that best practice for Internet security says that every website should have a different password, but for the bulk of Internet users this simply isn’t going to happen. Among IT professionals the percentage of people that actually use a different password for each website is probably pretty close to zero. I know that I personally use dozens of different websites a month, and for most people that it probably pretty normal between banks, credit card companies, Facebook, Twitter, work sites, Gmail, etc. that quickly gets up to dozens or hundreds of passwords which need to be remembered. There are plenty of password vault type applications, but general Internet users aren’t going to be using them. As IT professionals we need to remember that we are dealing with the general public and the general public isn’t going to know that they need to do this, no matter how many times we talk about it within the IT field.
One reason that there is lots of unencrypted data out there is that converting older applications from using plain text data to encrypted data is pretty hard to do. There are lots of places within the application which need to be touched and there are possibly lots of different applications which need to be updated all at once. Then there is the possibility of needing to take an outage to do the actual data change. When it comes down to is biting the bullet and taking the outage and making the change. It is well worth it to take the outage and encrypt all the data now, rather than have to worry about a data breach later.
There are lots of techniques which you can use to do this data encryption, to many to list in a single blog post so look for blog posts from me later on how to handle this change. There are also plenty of consultants, including myself, who are happy to help with projects like this.