Why is encrypting data in transit not enough?
Well, that's simple. It's because data is at rest most of the time. There's a general misnomer and false sense of security created by SSL and VPN. The general public and management have a general misperception about all of this that they need to encrypt everything in transit and they'll be fine.
I see Web sites all the time that say that claim to be secure because they are using SSL. This is such a weak claim, and it's also irresponsible. Having said that, I do think that SSL and other methods for encrypting data in transit do serve a couple of good purposes. The first one is to protect wireless network communication. And the second, is to prevent someone from using a network analyzer (sniffer) to capture traffic off a local network.
But, the chances of someone exploiting data in transit is so much lower than someone gaining access, and having extended access to, to data at rest on local drives or in the storage network.
Check out the entire Storage Encryption FAQ guide.
04 Oct 2007