[ziddoap]

What do you mean "light" version of encryption?

Anyways, the improved security comes from the fact that even when the server itself is improperly accessed (maliciously or not), the data you aren't currently accessing remains encrypted.

With (just) full disk encryption, you aren't protected when the (running) server is accessed. All of the data can be exfiltrated in plaintext.

[cjonas]

Gotcha... so basically encryption of disk at rest prevents someone from walking out with a drive...

Encryption "at rest" in the database prevents someone with server or direct db connection from pulling the data.

I had never really thought of those as two different vectors, but of course they are. Thanks for clarifying!

With Salesforce and how a lot of these companies manage their security model, I'm still confident that investing in securing unauthorized user access is still orders of magnitude more useful than putting time and effort into this vector.

[ziddoap]

>I'm still confident that investing in securing unauthorized user access is still orders of magnitude more useful than putting time and effort into this vector.

These are addressing two different scenarios, so they should be mitigated separately. In one case, you are mitigating against unauthorized access. In the other, you are mitigating the damage that can be done when someone has already gained unauthorized access (however that occurred). After all, the only system immune to unauthorized access is the one that doesn't get powered.

"Defense in-depth" is thrown around a lot, but it really is important. I do agree though, when it comes to priority of implementation, I would start with protecting against unauthorized access first.

[cjonas]

I don't disagree on a conceptual level, but on a regular basis I deal with companies completely lacking any real access model, users without MFA, blanket admin level access, etc... getting sold on this particular product and something spending 7 figures to adopt it.