Re: Encryption in pg_dump

From: Olivier Gautherot
Subject: Re: Encryption in pg_dump
Msg-id CAJ7S9TW2j7Dk3k62_b_oZg9X=7jKMyLuebcBgtj0aWjSjzGJTw@mail.gmail.com
In reply to: Re: Encryption in pg_dump  (Tim Cross <theophilusx@gmail.com>)
Responses: Re: Encryption in pg_dump  (Ron <ronljohnsonjr@gmail.com>)
List: pgsql-admin
Hi all,

On Thu, 23 Jul 2020 at 07:34, Tim Cross <theophilusx@gmail.com> wrote:

> Paul Förster <paul.foerster@gmail.com> writes:
>
>> Hi Bruce,
>>
>>> On 22. Jul, 2020, at 20:55, Bruce Momjian <bruce@momjian.us> wrote:
>>>
>>> Does anyone know why we are getting so many requests for encrypting
>>> dumps all of a sudden?
>>
>> probably because a) people don't read past posts and b) more and more IT heads decide that *everything*, be it internal to the company or not, has to be encrypted.
>>
>
> Yes, I think the IT heads issue is the primary driver - combined with
> very poor understanding of information security at senior levels and a
> huge growth of poor quality and 'snake oil salesmen' in the IT security space
> due to the amount of money ill-informed senior managers are throwing at
> what they think is a technical problem which usually is in fact a
> business process problem.

The root cause is probably that, if you can't separate sensitive information, you must encrypt everything - hence the dump. It may be a sign of bad design to start with, with data at rest not protected in the first place. It may also be a sign of "encrypt everything to be safe" as a false perception of security, increasing the attack surface instead of reducing it. And we could carry on with this list.

Put it on the account of GDPR, as compliance is not an easy job.
