In preparing for a visit to come customers, I was reviewing the instructions needed to make sure AES was the preferred cipher used in SSL/TLS and playing around with a test server to confirm things were working. These secure layers allows for the encrypting of information we now take for granted when completing online purchasing and viewing our bank accounts. It was important to know how to ensure AES is the preferred cipher, since new software like Microsoft's Windows Server 2008 R2 and most new Linux distributions will see a huge performance gain in encryption on Intel's new processors only if they choose this cipher. The same technology is also available for encrypting data at rest in databases.
I was also reviewing some news clippings I had saved about some of 2009's biggest computer security stories. When reading the responses about the NARA incident that potentially exposed part of database including privacy information of 76 million servicemen, reasonable people asked how an organization could have that concentration of information and not have it encrypted. It seems obvious after the fact of sending a malfunctioning hard disk out to a non-government organization that having the data encrypted would have been a good idea. But why wasn't it encrypted. Sadly, it is not unusual thinking. Many, dare I say most, organizations consider the hard disks in their data centers and the information they contain physically secure. And why not. They have strict policies of admission and typically require destroying of media. Yet with all these policies in place headlines seem to continue.
In between playing with SSL encryption and reading some headlines on data breaches I had to ask myself why not just encryption everything. Really, what if we just encrypted everything. Why not?
Well the reasons usually cited include performance, key management and cost. Anyone that has taken a new hard drive and done a complete encryption of the drive knows it can take some time, often hours. At the data center application level, most benchmarks don't include use with any indication of the impact of encryption. Some papers suggest the overhead encrypting a database could be 25-30% percent. What DBA wants to sign up for that kind of performance hit? However with the latest processors the performance is really starting to become a non-issue. New processors in servers (and clients) have instructions that accelerate one of the most popular encryption algorithm today, AES. These new instructions speed up the encryption itself 3x-10x which translates in to the applications like databases and full disk encryption not having an impact to compute performance. Actually the limitation now is more in the hard drive technology. The CPU time to encrypt is not the limiter as much as it is the time taken to read and write all the data on the hard drive.
So why not encrypt all the time. Well certainly there is the potential for additional cost. Although there are free or bundled software encryption products out there, many software vendors charge extra for security packages. Given the average organizational cost of a data breach is over six million dollars, for the few applications that charge a premium would be a cost-effective insurance policy. So that leaves one remaining barrier, key management. Some of suggested the small scale IT could lose more data from losing keys than a data breach. As some recent spy novel-like news stories suggest, poor storage of keys is often the easiest way to "break" encryption. But key management really not that hard. In the modern world, what person doesn't have dozens of passwords and pins numbers to manage. And what large organization doesn't already have sophisticated key management infrastructure and policies in place. So back to the original question, why not encrypt everywhere? Now that performance isn't an issue, it seems the last real excuse is gone.