In fact, California has recently passed legislation to force companies to encrypt certain types of data, such as credit card numbers, Social Security Numbers, etc. However, even encryption on disk is only going to prevent the data from being read if somebody were to steal the hard disk, an unlikely event. A clever hacker with a hijacked user account can still log onto the server and read the data as the file system will decrypt the data as it is read from disk and transfer it in its decoded state.
With all the attention being paid to encryption of data in motion, we need new software that introduces keys on both workstations and servers to ensure only trusted users can access the data from trusted workstations. This would raise the security bar and foil remote hacking attempts. In the majority of cases, a continued stream of additional encryption schemes are unlikely to help.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.