Encryption is for data at rest, not just in transit
Everybody knows that it is easier to hit a stationary target than a fast-moving target. Yet an enormous amount of resources are being used to encrypt data in motion, while the bigger risk is in data at rest.
One reason for the focus on data transfer rather than storage dates back to pre-1994 days. At this time, ethernet broadcast all communications between two computers to all of the nearby computers, thus allowing a hacker with a sniffer (a piece of software that captures network traffic) to see other users' data.
But in most companies today, data is almost always transferred on switched networks and thus is transferred from point to point - with no visibility of that data by other network-attached devices. The only way to circumvent this is for the hacker to load his sniffer program onto the actual server itself, but even in this scenario, there are simpler ways to access the data directly.
Given this fact, the enormous amount of resources put into encrypting data in flight, travelling over the network, seems disproportionate.
[ Read more ]