Lieberman says encrypting all your data is not enough
Encrypting all on-server data, while a good move in the right direction to assure security, is not going to solve the problem, according to Philip Lieberman, president and CEO of Lieberman Software, the privileged identity management specialist.
Referring to healthcare organisation BlueCross BlueShield of Tennessee, which has completed a year-long project to encrypt all its at-rest data following the theft of 57 hard drives, he states that it's "like a net with giant holes in it".
Says Lieberman: "Unfortunately, if companies don't use privileged identity management software, they do not have the controls necessary to safeguard their data. Management may feel good about what they have done, but there remain large holes in their safety net."
He goes on to say that data encryption alone is practically useless, because "by exploiting weak or non-existent privileged identity access controls and technology, an insider, former employee or criminal can easily access the encrypted data by gaining access to program encryption keys".
