Encryption at Rest: A Debate in Financial Institutions

The author of the post works in a financial institution and needs to collaborate with another company to host a sensitive file on an SFTP server. They recommend encrypting the file before transmitting it via SFTP, although some members of the IT team believe that encryption at rest on VMs/disks is sufficient. The author believes that encryption at rest only protects against theft or loss of disks and not against unauthorized access to the systems where the file is stored. They also mention the need to comply with the GLBA act to protect sensitive personal information.