Encryption of communication paths – it’s so easy but often not implemented

In a recent meeting with a customer group on security topics, one of the attendees asked everybody else whether they had implemented system-to-system encryption behind the firewalls in their internal landscape.

Only one attendee said yes, and it applied to only one system, deemed extremely critical. To my astonishment, nobody considered this strange or negligent. To make things clear: everybody encrypted communication paths to their web applications, at least outside the firewall. The unencrypted communication paths are those between systems: background jobs, workflows, booking of bills, results or payroll from one system to another, etc.

Most of the attendees stated that they had not implemented system-to-system encryption due to lack of time, other tasks becoming more important on short notice, etc.

Many attacks start internally…

