In my year-long research project, the F5 Labs’ 2018 Application Protection Report, I asked if security professionals used storage encryption for data and applications. About 19% of survey respondents said they didn’t do any while 39% said they used encryption most of the time and 42% said they used it some of the time.
What I didn’t ask and should have asked (and I will ask next year) is how they defined storage encryption. It’s a vague control, and depending on the threat context and how you define “storage encryption,” it can be a highly effective control or a complete waste of resources.
Before we go too far, let’s back up and look at who is often asking this question: auditors. Under many compliance requirement regimes, you need to do storage encryption.
Read the full article published September 24, 2018 here: https://www.helpnetsecurity.com/2018/09/24/storage-encryption/ by Help Net Security.