Saturday, August 29, 2009

Encrypted is not a boolean variable

Let's face it, encryption is a new thing, and you have to
keep things simple so people can understand it.

But it frustrates me that most of the talk about
encryption technology, law, policy, compliance, etc., is
always in terms of "encrypted" vs "unencrypted". Yeah,
all your data should be encrypted. But that's the beginning
of the discussion, not the end. Encryption is easy.
Protecting data is hard.

Once you use strong encryption to protect your data, you
have real security. That sounds great, but the flipside is
that your company's security policy is probably a pile of
paper in a drawer that no one reads or updates, and does
not correspond to reality. How do you organize your data,
back up your data, share your data, manage your data ...
frankly, how do you USE your data in an encrypted
world? Encryption is coming. You need to think about it
now. Do your homework. If you don't, you'll be paying for
your lack of preparation for years.


BTW this blog post is encrypted with no less than three
proprietary encryption algorithms (ROT-13^2,
XOR-0x00, and CAESAR-26, among others) and therefore
cannot be read by anyone. "encrypted == true" !
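The joke above makes the post's point concretely: each of the three "proprietary algorithms" is an identity transform, so a record flagged "encrypted == true" can be entirely unprotected. The following script is an added example, not part of the original post; it implements ROT-13 applied twice, XOR with a 0x00 key, and a Caesar shift of 26, then checks whether any of them changed a single byte. The function names and the sample message are my own constructions.

```python
# Added example (not from the original post): the post's three "ciphers"
# are all identity transforms. A boolean "encrypted" flag says nothing about
# whether the data is actually hidden; the minimal sanity check below at
# least confirms the transform did something to the bytes.

def caesar(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` positions, wrapping within the alphabet;
    non-letters pass through unchanged."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + shift) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def rot13_squared(text: str) -> str:
    """ROT-13 applied twice: the post's 'ROT-13^2'. 13 + 13 = 26 = identity."""
    return caesar(caesar(text, 13), 13)


def xor_with_key(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; key 0x00 is the post's 'XOR-0x00'."""
    return bytes(b ^ key for b in data)


def caesar_26(text: str) -> str:
    """Caesar shift of 26: one full trip around the alphabet, i.e. identity."""
    return caesar(text, 26)


def actually_changed(plaintext: bytes, ciphertext: bytes) -> bool:
    """Weakest possible check: did the 'encryption' alter the bytes at all?
    Passing this proves nothing about strength; failing it proves there is none."""
    return plaintext != ciphertext


def audit(message: str) -> dict:
    """Run the post's three schemes on `message` and report, per scheme,
    whether the output differs from the input. All three report False."""
    raw = message.encode()
    outputs = {
        "ROT-13^2": rot13_squared(message).encode(),
        "XOR-0x00": xor_with_key(raw, 0x00),
        "CAESAR-26": caesar_26(message).encode(),
    }
    return {name: actually_changed(raw, ct) for name, ct in outputs.items()}


if __name__ == "__main__":
    msg = "Encrypted is not a boolean variable"  # constructed sample input
    for scheme, changed in audit(msg).items():
        print(f"{scheme:10s} changed the data: {changed}")
    # For contrast, a single ROT-13 does change the bytes, though that alone
    # still says nothing about how well the data is protected.
    once = caesar(msg, 13).encode()
    print("ROT-13 once changed the data:", actually_changed(msg.encode(), once))
```

Run it and every scheme reports `False`: the "ciphertext" is byte-for-byte the plaintext, which is exactly the situation a boolean "encrypted" field cannot express.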

Anonymous said...

Those are not proprietary. I have been using ROT-52 for years.