[clue] Securing data in transit/at rest.

jacob jborer at gmail.com
Tue Nov 11 11:55:10 MST 2014


Some thoughts:

Encrypting and signing as part of the file generation process is totally
appropriate and I would call it a best practice. Especially if the file
contains sensitive data.

1) You have to trust that the sftp service, machine, filesystem, backups,
and anywhere else that has access to the raw unencrypted files is secure.
All the recent front end server exploits are reason enough to encrypt the
file prior to transfer.

2) If you are sending me a data file you probably are generating the file
and then transferring the responsibility of transfer to a separate job. If
only one job in your network can sign the file I am less worried about the
security of your filesystem and backups.

3) I don't want to trust my own network. I only want to be able to process
this data in the specific jobs that have access to the private key. I don't
want to trust all the various actors in my organization.

> Yes, so that's my complaint.  Their policy is that files must be encrypted
> before sending via SFTP.  But there's no rationale and if I pin them down
> I'd bet the answer is they don't know.  Or they'll agree but stick to their
> policy because "more is better" or "it can't hurt".
>
> Dave