We see a lot of press, day in day out, citing yet another breach of health, financial, or personal data. Today, when an information breach hits the news, reporters seldom talk about the quality of the firewalls or the DLP, but they do talk about unauthorised access, and specifically if the data was encrypted or not. There’s a reason for that: On some level, journalists and readers all understand that defense ends with the protection of the actual data. Is it encrypted? If so, who can access the key? Many breaches involve inside access, or compromized accounts. Gone are the days of the fortified city perimeter surrounding a soft-center (the fall of Troy), so how do we pitch our CEO/CFO on allocating funds and resources to refocus our security strategy?

Breaking through firewalls is easy

Encryption is hard to crack