Encryption not a performance issue for data-centric security
As I've mentioned before, there seem to be three big ideas that are getting more and more people to think about data-centric security: mobile devices, cloud computing and offshoring. But if you encrypt all of your data, won't that create a big performance problem? After all, no computing is free and encryption often takes more computing power than other routine tasks.
Or does it?
A story that one of our support people told me about a recent experience that he had with a customer leads me to believe that encryption probably won't cause any performance problems at all when it's used to protect sensitive data in a data-centric security architecture. Here's roughly what happened.
A customer contacted one of our support people because they were seeing decreased performance in one of their systems. Having just added encryption to their architecture, they quite reasonably assumed that the encryption was causing this problem. After walking through several tests with the customer, our support person finally asked them to run one of their tests again with the encryption turned off.
The result was a bit surprising: the performance was actually worse without the encryption than with the encryption.
The difference was actually so small that you couldn't call it statistically significant, which means that the performance with encryption and without encryption were so close that other random fluctuations in system performance were actually greater than the difference in performance caused by using encryption, and further testing verified that this was indeed the case.
So it looks like that it may be the case that using encryption to implement the data-centric security architectures that people are talking about now may be even easier than you might think. At least based on that single data point.