Why is encrypting data in transit not enough?

Well, that's simple. It's because data is at rest most of the time. There's a general misnomer and false sense of security created by SSL and VPN. The general public and management have a general misperception about

Requires Free Membership to View

all of this that they need to encrypt everything in transit and they'll be fine.

I see Web sites all the time that say that claim to be secure because they are using SSL. This is such a weak claim, and it's also irresponsible. Having said that, I do think that SSL and other methods for encrypting data in transit do serve a couple of good purposes. The first one is to protect wireless network communication. And the second, is to prevent someone from using a network analyzer (sniffer) to capture traffic off a local network.

But, the chances of someone exploiting data in transit is so much lower than someone gaining access, and having extended access to, to data at rest on local drives or in the storage network.

Check out the entire Storage Encryption FAQ guide.

This was first published in October 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: