Data Protection – Put Your Money Where Your Doubt Is

I have some good news and some bad news on encryption. First, the good news: encryption is all over the place! The bad news? Encryption isn’t really all over the places data needs it to be.

We had an eye-opening talk on encryption recently in a webinar with 451 Research. In the webinar, Eric Hanselman, 451’s security analyst at-large, doled out a review of how companies implement encryption. A whopping 82% of respondents to their survey had encryption “in use”. Great news, right? Until he went further, and itemized how companies were relying on encryption.

Primarily, companies opted for crypto methods that satisfy compliance but not necessarily true security. Here, we’re talking about laptops (80%), hard-drive (60%) and email (55%) encryption. When it came to practices for solid, end-to-end security via encryption, the results were lowly: only 2% of companies were using encryption for “data in motion” (the volumes of info you’re sharing) and 4% had locked down “data at rest” (the big bytes of data stored for use or audits at a later date).

The gulf between these applications of encryption might sound like semantics or inside baseball to some. But it really gets to a mistake in how and where companies look to protect their most sensitive documents, data and communications. By failing to encrypt data in motion and at rest, you’ve left access and control over information to leave through the front door. (And if you don’t think the data is valuable, ask Radio Shack.)

Hanselman framed it like this:

Despite some challenges in IT budgets, people are continuing to spend on encryption. This is a good thing broadly. But what does that mean in terms of effectiveness for how people actually use encryption? People are coming at it with solutions that work for a certain set of use cases: volume and hard-drive encryption for laptops; email exchange. When you think of that valuable data, what more and more organizations secure today isn’t on devices … but there’s a lot more of that data which is heading out of the normal corporate environment.

We preach layers of security and practice protection as a process. It’s worth also revisiting what you’re using. Why opt for encryption if it’s not the type of encryption you really need?

Matt Little

Matt Little

Matt is a technologist at heart and has more than a decade of experience in the IT industry. In his role as VP Product Development, Matt oversees planning, development and lifecycle management for next generation PKWARE offerings including Viivo and vZip. Matt also plays a critical role in setting and driving product strategy and go-to-market activities for these products.

Prior to his current role, Matt held jobs as MIS/IT Director and IT Manager for PKWARE. Prior to PKWARE, Matt worked for Compuware and Johnson Controls. Matt graduated from Marquette University with a BS in Computer Science.

Find more posts by: Matt Little