Encryption Cheaper Than Cleanup

Interesting post in Emergent Chaos about whether encryption really is cheaper than cleaning up after identity theft or other breaches of security. The bottom line seems to be that we don’t know the bottom line, because we don’t have a good handle on the costs of breaches and we know even less about how many breaches there really are.

It seems to me that encrypting large datasets on backups, or when mailing them by e.g. UPS to another location, is so trivially easy that it should be worth it to increase resilience as simple risk management.

Some aspects of risk management can’t be easily quantified, so decisions have to be made anyway.  Just doing it like it has always been done is a decision, too.

-jsq

2 thoughts on “Encryption Cheaper Than Cleanup”

  1. wpn

    Of course encryption is cheaper. When a breach happens, you’re not only paying to deal with the actual containment and response; you’re paying to deal with the psychological fallout as well, and how high that price tag is depends on the level of hysteria at the time. And that’s even assuming there’s no litigation cost.
    So why aren’t more people doing encryption? Because it’s messy. Messy in that you have to manage keys, and you have to figure out whether you’re going to have to pull thousands of ten-year-old tapes out from a warehouse at some point, decrypt them, and then re-encrypt them to make sure they’ll be recoverable in another ten years. There’s no changing a lock on an encrypted tape when you have enough employee turnover to lose track of the keys.
    Can you imagine the scene in the courtroom when a defendant explains that they can’t recover the requested data because they lost the keys? Judges are already losing patience with delays in record retrieval, and making the defendant eat the cost, too …

  2. John Quarterman

    So there could be costs associated with lost keys.
    Everything has its risks.
    I would think that one could be dealt with by making sure there are multiple copies,
    and by having a separate location with encrypted copies of the keys, using a currently known key.
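
The escrow arrangement suggested in the second comment, sketched as an added example that is not part of the original post or its comments: each tape's data key is wrapped (RFC 3394 AES key wrap from the Python `cryptography` package) under a current key-encryption key (KEK), so rotating the KEK re-wraps small key blobs instead of re-encrypting the tapes. The `KeyEscrow` class, the tape labels and the KEK ids are hypothetical.

```python
import os
from cryptography.hazmat.primitives.keywrap import (
    InvalidUnwrap, aes_key_unwrap, aes_key_wrap)


class KeyEscrow:
    """Hypothetical off-site store: per-tape data keys wrapped under a KEK."""

    def __init__(self):
        self.wrapped = {}  # tape_id -> (kek_id, wrapped data key)

    def deposit(self, tape_id, data_key, kek_id, kek):
        self.wrapped[tape_id] = (kek_id, aes_key_wrap(kek, data_key))

    def recover(self, tape_id, kek_id, kek):
        stored_id, blob = self.wrapped[tape_id]
        if stored_id != kek_id:
            raise KeyError(f"{tape_id} is wrapped under {stored_id}, not {kek_id}")
        return aes_key_unwrap(kek, blob)  # raises InvalidUnwrap on a wrong KEK

    def rotate(self, old_id, old_kek, new_id, new_kek):
        """Re-wrap every entry under the new KEK; the tapes are never touched.
        Builds the new table first so a failure leaves the escrow unchanged."""
        rewrapped = {}
        for tape_id, (kek_id, blob) in self.wrapped.items():
            if kek_id != old_id:
                raise ValueError(f"{tape_id} is not wrapped under {old_id}")
            data_key = aes_key_unwrap(old_kek, blob)
            rewrapped[tape_id] = (new_id, aes_key_wrap(new_kek, data_key))
        self.wrapped = rewrapped
        return len(rewrapped)


def demo():
    # Constructed sample data: three tapes, each with its own random 256-bit key.
    tape_keys = {f"TAPE-{n:04d}": os.urandom(32) for n in range(3)}
    kek_old, kek_new = os.urandom(32), os.urandom(32)
    escrow = KeyEscrow()
    for tape_id, key in tape_keys.items():
        escrow.deposit(tape_id, key, "kek-old", kek_old)
    rotated = escrow.rotate("kek-old", kek_old, "kek-new", kek_new)
    recovered = escrow.recover("TAPE-0001", "kek-new", kek_new)
    try:  # after rotation the retired KEK must no longer open the escrow
        aes_key_unwrap(kek_old, escrow.wrapped["TAPE-0001"][1])
        old_kek_still_works = True
    except InvalidUnwrap:
        old_kek_still_works = False
    return rotated, recovered == tape_keys["TAPE-0001"], old_kek_still_works


if __name__ == "__main__":
    print(demo())
```

Only the escrow entries change on rotation, so the ten-year-old tapes stay in the warehouse; the escrow itself still needs the multiple copies the comment calls for.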
