
Sheesh, clickbaity title.

No, it’s not a scam. Should you use it for your data? Yes. Does it prevent you being h4x0red? No. Defense in depth.



From the article:

> Nothing in this diatribe argues that encryption at rest is creating a net negative, outside of it being represented as a be-all and end-all security measure. When I say encryption at rest is a scam, I’m talking about it from the eyes of the purchaser. And given that it’s their data at risk, this is the standpoint that matters.


"not creating a net negative". Blog author doesn't want to commit to anything. What's the point if they're not going to make a point?


The point is that while “not creating a net negative”, is it still creating the net positive that providers claim and in some cases want you to pay for?

Significantly: there are a whole host of risks that it doesn't mitigate, that it is not intended at all to mitigate, that people who don't know any better might assume are dealt with when things are pushed as secure “because the data is encrypted at rest”. If you read TFA you'll see that it details some of these concerns.


The point I read (though he was preaching to the choir) is that

> developers often rely on encryption at rest as a gold standard security measure

and they shouldn't.

Security isn't a list of checkboxes to tick.


Exactly. As explained in the article itself, the title is pure clickbait.


Most corporate blogs are less than useless. Clickbait titles are getting more and more prevalent too. "We're not sustainable" from yesterday is another example.


Yes, a title with a question mark can usually be answered by a simple "no". If it was a yes, the title "Encryption at Rest is a scam" would be more likely.

https://en.wikipedia.org/wiki/Betteridge%27s_law_of_headline...



