You'd think with over a billion records hacked and exposed and more everyday (like the T-Mobile hack last week) that companies would be using EAR now.
I'm wondering what I'm missing as to why companies don't encrypt their data at rest. EAR is built in to most database products today so why not use it.
Even FileMaker supports EAR.
Are companies in general just too lazy to implement EAR and better security so the hacks don't happen in the first place or are penalties for losing customer data too lax? Perhaps this question is not an either/or but both and other reasons too.
What good is it if you use a VPN, encrypt your hard drive, etc., only to have the companies who have your data out of your control be totally lax and get hacked -- then just send you the obligatory "oops, sorry....here are the credit bureaus so YOU can follow up and protect yourself (from our incompetence)" letter?