This is a short highlight video of CISO Series Video Chat “Hacking the Encryption Fallacy: An hour of critical thinking on where encryption fails and how to keep data protected continuously.”

Our guests for this discussion were:

HUGE thanks to our sponsor Sotero


Best Bad Ideas


Congrats to Mike Wilkes, CISO, SecurityScorecard for winning this week’s Best Bad Idea!

Other honorable mentions go to:

“Encrypt everything including end users” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology

“Give the encryption keys for all databases and other sensitive data to all employees before they start (send to personal email) so they don’t have any barriers to productivity.” – Brian Colt, IT administrator, Dash

“Store encryption keys in a public S3 bucket” – David Christensen, director of global information security engineering and operations, WEX

“Encrypt everything even the weather forecast” – Drew Brown, IT security manager, Commonwealth of Pennsylvania

“Leave spare encryption keys under the plant at the front door.” – Chantel Pszenny, marketing operations manager, Sotero

Best Good Strategies

“Only encrypt data that really needs to be encrypted.” – Larry Rosen, manager, security advisory, Avanade

“Don’t store data that you don’t need. Only store what’s absolutely necessary.” – Joshua Scott, head of information security & IT, Postman

“Implement a comprehensive data security program, don’t just rely on encryption.” – David Christensen, director of global information security engineering and operations, WEX

“Make data ownership, and the responsibilities associated with that ownership, explicit.” – Brian Colt, IT administrator, Dash

Quotes from the chatroom

“Encryption keys should be kept close to the encrypted data to make it easier to implement” – David Christensen, director of global information security engineering and operations, WEX

“When governments set standards, they often forget that things will change moving forward. Then we’re all left with lousy standards.” – Ian Poynter, virtual CISO, Kalahari Security

“Encryption tools won’t save you from having to establish data ownership, access control, inventories, governance, and defined timelines for retention.” – Sean Kelly, manager – enterprise information risk assurance, BlueCross BlueShield of Western New York