Ask HN: What is the point of encryption at rest?
Every time there is a data breach, one of the take aways is that the company didn't encrypt their data at rest. The implication is that if they had encrypted at rest, then the data would not have been stolen.
But at rest encryption only protects against someone stealing the actual storage device (and even then, only if they cannot also steal the key). This is a major issue for mobile devices like laptops, but in a data center this means the attacker has physical access to your storage and servers. And once they have physical access, there are lots of other ways that they could compromise data and systems.
So how often would at rest encryption actually have prevented a data breach? Why is it being treated like a major preventative measure?
4 comments
[ 0.29 ms ] story [ 19.3 ms ] threadBeyond that, seems like most of the physical-access compromises still involve at least some interaction with the software - so they would (in principle) leave traces and/or be detected by IDS. Walking up to a server and physically removing a hot-swap drive doesn't, so encryption at rest ensures that that attack won't work.