Gary Varga (9/15/2016)

---

djackson 22568 (9/15/2016)

---

Eric M Russell (9/15/2016)

---

But going back to Steve's editorial, organizations need to implement application level encryption (ie: PGP for emails) and database level encryption rather than relying on infrastructure encryption like SSL, VPN, or cloud provider security for which the NSA can discover (or mandate) back doors.

How does that (DB encryption) allow for transfer of information over the Internet. I am unfamiliar with alternatives to SSL/VPN/FTPS that would work, unless that is what application level encryption means. For example, we have a lot of systems that dump data to share with our vendors, and to get it to them we have to use a VPN or FTPS.

I think the point is that SSL etc. only protects the data in transit. One needs to protect it in situ as well.