Re: Encryption in pg_dump

Hi all,

Le jeu. 23 juil. 2020 à 07:34, Tim Cross <theophilusx(at)gmail(dot)com> a écrit :

>
> Paul Förster <paul(dot)foerster(at)gmail(dot)com> writes:
>
> > Hi Bruce,
> >
> >> On 22. Jul, 2020, at 20:55, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> >>
> >> Does anyone know why we are getting so many requests for encrypting
> >> dumps all of a sudden?
> >
> > probably because a) people don't read past posts and b) more and more IT
> heads decide that *everything*, be it internal to the company or not, has
> to be encrypted.
> >
>
> Yes, I think the IT heads issue is the primary driver - combined with
> very poor understanding of information security at senior levels and a
> huge growth of poor quality and 'snake oil salesmen' in the IT security
> space
> due to the amount of money ill informed senior managers are throwing at
> what they think is a technical problem which usually is in fact a
> business process problem.
>

The root cause is probably that, if you can't separate sensitive
information, you must encrypt everything - hence the dump. It may be a sign
of bad design to start with, with data at rest not protected in the first
place. It may also be a sign of "encrypt everything to be safe" as a false
perception of security, increasing the attack surface instead of reducing
it. And we could carry on with this list.

Put it on the account of GDPR, as compliance is not an easy job.

>