As I have often said, absolute security is an abstract, theoretical concept. Forget all of the issues inherent in putting your secrets on the Web. If secrets exist anywhere, other than in memory in a human brain, and perhaps even there, they can be compromised. Period. Our best hope is to make sure that even the most dedicated information thief will given up after trying everything in his or her bag of tricks.
And it thus comes as no surprise that the National Security Agency, as reported by the New York Times, covering yet another leak from the ethically-challenged Edward Snowden, can break common encryption implementations, including SSL, VPNs, and other commonly-used encryption techniques and technologies. I, mean, duh, c'mon. NSA has two key missions - create codes, and break codes. And remember that the technology behind many of the common encryption schemes that we all depend upon began at NSA. Does anyone seriously believe that NSA would propose the commercial use of technology that they didn't have a handle on, to put it mildly? I have suspected from some time that the NSA can break 128-bit AES in essentially real time, and likely 256-bit without too much additional effort. These guys are very, very smart and have massive amounts of computer power to throw at the problem. Again, this is their business.
I remain convinced that, ultimately, anyone desiring to protect their data from prying eyes of any form must implement solutions at Layer 7, and then take advantage of any additional protection, such as it may be, offered at Layers 2-4. I predict an uptick in the number of security products taking just this approach, and applying such techniques as steganography and other out-of-band key transmission techniques. I'm sure NSA could make a serious go of cracking anything, but I also assume that there are others out there with similar but truly nefarious intent. Trust no one. Take control of your sensitive information now. In my experience, security is taken far too lightly in many organizations today. The peril is real, and one might never even know that his or her critical data has been compromised.