Encryption Drivers
These usability advances come just in time, as compliance and other drivers are requiring the technology to help organizations meet everincreasing regulations. Gartner's 2007 Magic Quadrant for E-Mail Encryption notes that similar to previous years, most organizations "embarking on larger-scale email encryption projects continue to consist primarily of governments, military contractors, financial companies and healthcare-related companies." The author's note that the majority of the remaining users are coming from specific functional groups, such as HR or finance; or are needed confidential communications with third parties, such as clients or partners. "The big driver today is still compliance," agrees Martin. "If you were to use Google's utility tool that reveals Google Search results and checked for encryption, you would find that there were few hits until about a year ago and then it took off. There is a huge interest in it."
As compliance needs grow, so do the business opportunities for encryption vendors and beyond. "IronPort and PostX began working together to deliver encryption solutions in targeted verticals. After IronPort acquired PostX, we launched email encryption and Data Loss Prevention (DLP) capabilities as integrated features on the IronPort Email Security appliance and have seen incredibly strong, cross-vertical adoption of this product," notes Kennedy. So while Gartner notes the usual list of encryption users in this year's report, it will be interesting to see if that list expands next year. "There's a growing market awareness for the need to protect sensitive information in email with the combination of DLP and email encryption. Now that getting encryption is as easy as checking a box to enable the feature and going through a single configuration screen-and the pricing is attractive-we're seeing an up swell of interest well beyond the verticals that have historically been the encryption strongholds."
The need for mobile encryption is growing too. "Mobile devices have really changed the landscape and continue to," observes Dasher. "The Ponemon Institute recently interviewed companies that had security breaches and this year 49 percent of companies that had breaches, had a mobile device involved in that breach. This is up from 37 percent last year." It makes sense, as mobile devices have become not only popular, but also important business tools. "People are carrying around more and more data, on smaller and more powerful devices and we expect to see that continue." PGP has offered a BlackBerry solution for a number of years as RIM has been the de facto enterprise mobile platform, but Dasher notes that recently PGP is receiving more and more requests for Microsoft Windows Mobile in the enterprise.
Driven by the impact of data breach penalties and awareness, DLP is a popular topic. Brian Burke, a research analyst from IDC comments: "In today's enterprise, employees, even with the best intentions, often inadvertently leak sensitive information via email such as customer or employee information, regulated content, or intellectual property. Organizations should invest in technologies that enforce corporate policies, stop data leaks and provide secure delivery of sensitive messages."
According to Elgamal the industry numbers suggest that 80 percent of data leakage is unintentional. "There have been examples of where the data breach was intentional. Nothing can prevent everything 100 percent, but the thing that goes hand-in-hand with encryption, is understanding what is it that we are trying to encrypt." To do this Tumbleweed, as do other vendors, recommends tying corporate policy to encryption practices. Tumbleweed's MailGate capabilities extend data leak and content filtering functionality to enforce multiple policy actions on messages containing sensitive information based on user context, corporate rules and delivery methods like encryption. "This functionality goes beyond the limited reporting capabilities of other content filtering vendors, yet at a fraction of the complexity and cost. Through innovation of the user interface, the new MailGate automatically filters certain confidential information, including specific credit card, social security, and CUSIP (banking/ trading) numbers with a simple checkbox, making the enforcement of policies surrounding this data a best practice," notes Elgamal.
Encrypting Data
Encryption Drivers |
Encrypting Data |
Encryption ROI |
Moving Forward |
Cost of a Data Breach |
Data Loss Prevention and Encryption