General discussion

Encryption at rest - why?

By jonwatt ·
Tags: Security
Hello,
Our standard security policy states that encryption at rest should be applied in all cases where confidential data is being stored. This is a decision made based on overwhelming industry and community best practise guidance. Our IT teams fully accept this is appropriate for USB sticks, mobile phone, laptops etc because they're easy to steal. However, where IT challenge this is on Data centre managed infrastructure where we have large storage blocks with data spread across disks and arrays. They maintain that physical theft is virtually impossible, which I agree with, but also that logical theft is impossible because it is only those with the keys who can access that data. This to me shoots down their own argument as they're effectively stated that access is only possible for a very limited group of individuals and applications. reducing the attack surface is a valid control.

IT's main issue is that encryption at rest carries a cost, which on some databases is true, it's significant but that's a different subject.

So i'm looking for answers to the following questions:

1. Do those of you who secure large corporate environments with big storage arrays, apply encryption at rest to confidential data?
2. Why do you do this? Do you think it provides valuable protection or is it more of a PR exercise in case you get breached?
3. Do you know of any real-world examples where encryption at rest in a data centre has protected data from attackers?
4. Are there any scholarly articles (not those produced by encryption vendors), that support the view of encrypting data at rest?

I'm open to a good discussion on this subject. I know best practise is to encrypt but I want to convince IT that this is the right approach, cost or not. Or alternatively i'm happy to listen to opposing views and why encryption at rest is little more than keeping the media from our door when things go wrong.

Many thanks
0 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

Back to Security Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums