Wednesday, February 28, 2007

On "Five mistakes of data encryption"

This fun article covers some of the other mistakes that often occur when organizations try to use encryption to protect data at rest and data in transit and thus improve their security posture.

2 comments:

Anonymous said...

I liked this article. Recently we reviewed a proposed DB encryption scheme that committed the 4th mistake. Intuitively this seemed wrong. We wrote this up, said "you can't do that." But I would like to offer an alternative, really would like to find and specify something of an industry standard approach. So far found nothing. Have you seen anything bordering on a standard approach to DB encryption that meets with your approval?

Anton Chuvakin said...

Yeah, I've seen some db encryption where keys are elsewhere; to be honest, I forgot what the names were; I suspect that just googling for "database encryption" will unearth them ...

Dr Anton Chuvakin