Encryption pops up again
This article in Computerworld discusses some of the changes happening in the encryption environment and also addresses some possible options, such as selective encryption, or newer processes that perform encryption "on the fly", but again I’m not convinced that it isn’t another case of someone trying to throw a "solution" at an under researched "problem".
I guess there’s only so many topics to talk about, and every time there’s another data loss publicized, this one comes up. While there is no doubt some information needs to be protected through the use of encryption based on its sensitivity, or the manner in which its used, it isn’t a requirement for ALL information. Even personally identifiable information (PII) only needs to be encrypted if it’s handled in a manner that could potentially expose it to others, while in transit, in storage by a third party, or on a system that could potentially be exposed to unauthorized sources. It’s important to do an assessment of the information you have and how it’s managed to determine the need for encryption.
Read more at rcbarnett