Interesting post in Emergent Chaos about whether encryption really is cheaper than cleaning up after identity theft or other breaches of security. The bottom line seems to be that we don’t know the bottom line, because we don’t have a good handle on the costs of breaches and we know even less about how many breaches there really are.

It seems to me that encrypting large datasets on backups, or when mailing them by e.g. UPS to another location, is so trivially easy that it should be worth it to increase resilience as simple risk management.

Some aspects of risk management can’t be easily quantified, so decisions have to be made anyway.  Just doing it like it has always been done is a decision, too.

-jsq