Since encryption is just one piece of an entire IT security program, it's not a question of encryption alone, but of where it sits in the security program. Let's look at an overall information security program and then bring it back down to earth in terms of encryption.
An information security program, at a high level, starts with a company's inventory of its IT assets: hardware, software, applications, databases and network devices. Each needs to be prioritized by its importance to the business process, which then determines the level of risk associated with the theft of that asset.
The controls based on these risk levels might include, among other things, firewalls, access control systems, physical security, awareness training and, of course, encryption. But encryption doesn't stand alone. It's generally used with something else -- either as part of an access management system or part of a VPN connection through a firewall, and so on.
In the scenario described above, encryption is used as a standalone control by itself, such as for disk encryption or a laptop. In that case, the strength of the control is only as good as the strength of the encryption.
But if a malicious attacker stole a user or root account, the issue isn't necessarily related to whether encryption is as good as the organization's access control policies. The issue could be related to any number of things, such as network security architecture, configuration of access controls or even weak firewall rules.
Encryption has to be looked at as part of an organization's entire IT security program and not by itself, or compared with other controls.
Dig Deeper on Database Security Management-Enterprise Data Protection
Related Q&A from Joel Dubin
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.