As secure HTTPS becomes more pervasive, it is worth asking: why should you end-to-end encrypt data when HTTPS is pretty secure? The answer is that HTTPS is an important but small piece of the crypto puzzle. Organizations determining what additional security requirements are needed should start the process by answering a few key questions:Read the whole article on SC Media.
Once those questions have been answered, it is important to understand the limitations of HTTPS, and benefits that end-to-end crypto can deliver.
- How many times does data get decrypted and re-encrypted in its journey from your user to your system?
- How many systems get access to the plain text along the way?
- And how many departments are responsible for this elaborate journey?
Tozny CEO Isaac Potoczny-Jones published an article this month with SC Media covering end-to-end data encryption and illustrating why it’s a necessary tool above and beyond HTTPS: