The information security industry, with all its raging debates, has rallied around a small corpus of best practices. One of the highest on this list is full-disk encryption, which security experts regard as sacrosanct. This is the encryption that ensures that someone who snatches your device won’t be able to know everything you’ve got saved on it. I’m here to make the case that most of you are better off not using it.
You can keep adding points of failure until anything becomes unusable.
You can keep adding security fixes until anything becomes inaccessible to anyone.
There is no such thing as zero risk.
There is risk mitigation.
Beyond a certain point, the quest for zero risk becomes the source of new problems.
The Case Against Full-Disk Encryption
Posted by: Jonathan Terrasi July 27, 2020 04:00 AM