End-to-end data encryption: why HTTPS is not enough

Tozny CEO Isaac Potoczny-Jones published an article this month with SC Media. It covers end-to-end data encryption and illustrating why it’s a necessary tool above and beyond HTTPS:

As secure HTTPS becomes more pervasive, it is worth asking: why should you end-to-end encrypt data when HTTPS is pretty secure? The answer is that this is an important but small piece of the crypto puzzle. Organizations determining what additional security requirements are needed should start the process by answering a few key questions:

  • How many times does data get decrypted and re-encrypted in its journey from your user to your system?
  • How many systems get access to the plain text along the way?
  • And how many departments are responsible for this elaborate journey?

Once those questions have been answered, it is important to understand the limitations of HTTPS, and benefits that end-to-end crypto can deliver.

Read the whole article on SC Media.