Encryption is Not Perfect, Obviously

September 18, 2015
Kevin Lam

Here’s is an article about how Electronic Medical Records (EMRs) are still at risk even if they are encrypted. It takes about how “property-preserving encryption technologies” can still leave EMR data at risk, because that data can recovered.

Correct. Encryption is just means of reducing your risk of a data breach. No one control by itself, or even working together with other controls, can ever totally eliminate risk. What bugs me about this article is that it leaves readers, who may not be crypto experts, with the impression that encrypting data is futile activity, when it’s not the case. Not even close.

Yes all encryption can be broken, but to break today’s modern algorithms it take a lot of effort, and I mean a lot. So protecting sensitive data with encryption is still way better than not.

Don’t get duped into thinking otherwise, encrypt your sensitive data! Happy Friday, and see you next week.