A quick legend for those unfamiliar with the terminology of securing data:
"over the wire" means that you encrypt or secure your network connection, using SSL is a common method of "over the wire" encryption.
"at rest" means where your data is stored is secured. I would love to call this "disk level encryption", but the truth is DLE is a method used for encrypting data "at rest", and therefore just causes too much confusion when used.
Here are the primary reasons to get into the encryption game, and the impact it likely has on an application developer:
- Security : As you can imagine this is a broad one and can mean a bunch of different things to different people. Let us consider the NSA or Military, in this case you may be asked to meet a certain security level even though your application has little or no "secure" data. This will likely require all data to be secured "at rest" as well as "over the wire", and may even require changes to the application to allow for two factor authentication or other types of security.
- Regulatory Compliance : And this one is a can of worms, we are finding out more every day as to which law applies to which customer and what they must do about it. Depending on the choices your company makes on this it can be relatively painful as an application developer to nearly painless.
- Protecting against physical theft : This one is the least painful for application developers, as in most cases it only means securing data "at rest".