[Cryptography] End to end

[Christoph Gruber]

On 2013-09-17 Max Kington <mkington at webhanger.com> wrote:


[snip]
> Hence, store in the clear, keep safe at rest using today's archival mechanism and when that starts to get dated move onto the next one en-masse, for all your media not just emails.
[snip]

I would tend to agree for environments with very high regulations, where the need to comply with regulations is more important than the need to keep data confidential.
I would suggest to balance that for every organisation. The risk to disclosure is much higher if data is stored unprotected. Any admin with access to the file system is able to read it.
Maybe this could be a cultural difference between US and Europe, the regulative pressure in US is higher, in Europe the privacy is more important or more protected.
I agree that both ways may be the right implementation for an organisation, but this has to be a management decision, balancing the needs.

Best regards

-- 
Christoph Gruber
"If privacy is outlawed, only outlaws will have privacy." Phil Zimmermann