Controls

What Do You Mean by Storage Encryption?

F5 Labs' Ray Pompon writes for Help Net Security, discussing why establishing "storage encryption" is not the cure-all you might think.
November 06, 2018
1 min. read

In my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and applications. About 19% of survey respondents said they didn’t do any while 39% said they used encryption most of the time and 42% said they used it some of the time.

What I didn’t ask and should have asked (and I will ask next year) is how they defined storage encryption. It’s a vague control, and depending on the threat context and how you define “storage encryption,” it can be a highly effective control or a complete waste of resources.

Before we go too far, let’s back up and look at who is often asking this question: auditors. Under many compliance requirement regimes, you need to do storage encryption.

Read the full article published September 24, 2018 here: https://www.helpnetsecurity.com/2018/09/24/storage-encryption/ by Help Net Security.

Authors & Contributors
Raymond Pompon (Author)

More from Learning Center

Forward and Reverse Shells
Forward and Reverse Shells
09/15/2023 article 5 min. read
Web Shells: Understanding Attackers’ Tools and Techniques
Web Shells: Understanding Attackers’ Tools and Techniques
07/06/2023 article 6 min. read
What Is Zero Trust Architecture (ZTA)?
What Is Zero Trust Architecture (ZTA)?
07/05/2022 article 13 min. read