
The state of California recently released its first annual data breach report and the results were striking.

According to Attorney General Kamala D. Harris, 1.4 million citizens would have been protected from breaches if businesses had encrypted their data.

Is encryption the key to data breach protection? Why don’t more organizations utilize it?

Listen to Episode 90 of our Security Slice podcast and hear Dwayne Melançon, Lamar Bailey and Tim Erlin discuss data protection and accessibility, the two major drawbacks to encryption, and why HIPAA compliance highlights the difficulties between security and portability.


  • Encryption is nice, but it's never going to be the end all be all to security. In broad terms you need encryption, policies, backups, reviews of policy and data backups (how relevant are they?), and most importantly the people must be made aware of how to act responsibly with data.

    • Sean

      Yes. You are correct that encryption will never be the end all for security, but in my experience it costs little and will keep the low- and mid-level hackers out of your business. Your second point is also valid: The best way to keep your data safe is to be responsible. Password security, employee responsibility, and common sense.

  • UneDix

    Interesting article but it’s HIPAA .. compliance

  • Mike

    a lot more sites would encrypt non-public content if

    1. to do so they didn't also end up having to encrypt all the public content (waste of resources – and the "all or nothing" approach of browser SSL left over from some workaround back in the 90s is resulting in more harm than good)

    2. browsers would let people use encryption without sticking that other big gaping long-term security hole in front of their sites – untrusted third party site verification!
    (there is nothing to guarantee that CAs will never be corrupted, ordered, bullied, infiltrated or compromised nor that a network problem won't ever temporarily cause users to see scary popups) there is no one-size-fits-all model for "verification" that can suit every site or service and the wishes of its users for everything, let alone one that could even do this for one use case without actually looking at the site or asking the user what they want to do there!

    – sounds more like a huge gaping security hole with potential for future misuse to me.

    any attempt to force people to rely on untrusted "verification" should be viewed with suspicion .. it's not needed to do encryption – and there is nothing to guarantee that some future censorship-oriented regime or corruption won't ever bully/order/bribe CAs into becoming part of some kind of "internet filter" project. .. even the slightest possibility of something like that would be way too high a price to pay!