As 2012 draws to a close, many IT professionals are re-examining priorities and setting new goals. A recent InformationWeek survey found that tech decision makers ranked improving information security as their number one goal for the coming year. In response to the survey results, the publication offered a series of tips for organizations to simultaneously strengthen and simplify their encryption practices.

Drawing on the insights of InformationWeek's Outlook 2013, security consultancy CEO Michael A. Davis recommended businesses begin by condensing the number of encryption tools they use. He noted that, while flexibility is an important consideration when choosing data security solutions, organizations should avoid selecting too many encryption products so that sprawl is kept to a minimum.

"At minimum, require that a central team approve all new encryption software buys, rules and implementations," Davis wrote. "This same group must ensure that processes, such as certificate management, are updated to include the new software project that teams want to implement.This one simple change dramatically reduces the sprawl of encryption products and processes."

While businesses should limit the number of data security software solutions they use, they should also make sure the encryption tools they choose offer flexibility, Davis said. The more flexible the tool an organization chooses, the easier it will be to adapt when the business wants to take advantage of new technologies such as cloud or when a company merger forces integration with a new environment. A Computerworld article noted that CIOs have a responsibility to anticipate change and be ready to implement new tech mandates from a CEO, for instance.

"When I see an implementation go wrong, it's usually because someone from above mandated it … Something is brought in all of a sudden, and the infrastructure folks are saying, 'I wish someone had asked me because this doesn't jibe well with the technology we have,'" Forrester analyst Rachel Dines told the publication.

Creating the right fit
Just as companies can benefit from limiting technological sprawl, they should prioritize sensitive data to optimize the effectiveness of their security solutions, Davis noted. Rather than putting encryption everywhere at once, organizations should weigh the capabilities of their tools and key management practices and create a scalable solution that makes the most of their resources.

Part of implementing an encryption strategy should also involve customizing processes to fit a specific business culture. By adopting encryption that works across computing platforms and in physical, virtual and cloud environments, companies can ensure that they have a range of solutions that are easily adaptable to specific needs throughout the business.