[dizhn]

"not creating a net negative". Blog author doesn't want to commit to anything. What's the point if they're not going to make a point?

[dspillett]

The point is that while “not creating a net negative”, is it still creating the net positive that providers claim and in some cases want you to pay for.

Significantly: there are a whole host of risks that is doesn't mitigate, that it is not intended at all to mitigate, that people who don't know any better might assume are dealt with when things are pushed as secure “because the data is encrypted at rest”. If you read TFA you'll see that it details some of these concerns.

[ghusto]

The point I read (though he was preaching to the choir) is that

> developers often rely on encryption at rest as a gold standard security measure

and they shouldn't.

Security isn't a list of checkboxes to tick.