Moving Forward
Given the progress in encryption technology and the growing understanding of the return on investment for encryption, what will the coming years bring? "I think we will see more messages encrypted. You will see the penetration of hard disk encryption go up. You will see other things encrypted too, like credit card numbers within a database," believes Martin.
Dasher likewise sees encryption expanding into other areas. "In the near term, from a trends perspective, if we are honest with ourselves we would say 2007 was the year of laptop encryption realization. Now that most companies have realized that if you have laptops or mobile devices they need to be encrypted, I think in 2008 two other realizations will set in. One: now that we did our laptops, what about all these thumb drives, and portable storage devices? These are even more at risk than the laptops because they are smaller, and cheaper and easier to lose. Two: related to that, we will also see recognition that it is not enough to protect the device, but more and more analyst are pointing out that the data itself needs to be protected, not just the device, because it is hard to know where the data will end up. Soon organizations will embrace this whole concept of enterprise data protection and recognize that it is really a framework that spans both departmental boundaries as well as data/device boundaries."
Even though encryption has been around for a long time, it clearly has reached next generation, one that should be part of a layered approach to security. Kennedy notes that: "We're seeing consolidation, as vendors integrate DLP and encryption capabilities as part of a comprehensive email security solution. This step for the first time makes it practical for email administrators to roll this out across the entire organization."
All agree that encryption should be a part of a larger security strategy. Elgamal reminds that "encryption does not prevent people from reading things, if the recipient has the key to decrypt, it does not matter whether it was encrypted or not. It is important for people to understand what problems encryption actually solves and what else they need to do around it so that the system is complete."
Dasher advises companies that have previously avoided encryption to take another look. "I think sometimes people say, we have not had a break-in, therefore we do not have any problems. But if you have someone making decisions about security, you do have problems. That is the beauty of having a product like the PGP encryption platform. It can take that policy that you so carefully developed and uniformly apply it. Rather than publishing a nice memo to your employee base that says, 'here are our policies, you must follow them'. As soon as you rely on human beings to enforce your policy by definition, while well intentioned, they are not necessarily consistent. Don't wait for a magical security policy, get started." SJ/TMP
EDITOR'S NOTE: As a related topic, be sure to read Content Monitoring/ Data Leak Prevention. Also, refer to Email Encryption: The Art of Secrecy in the July/August 2006 issue of Messaging News.
Encrypting Data
Encryption Drivers |
Encrypting Data |
Encryption ROI |
Moving Forward |
Cost of a Data Breach |
Data Loss Prevention and Encryption