Large security vendors are buying up encryption start-ups. Venture capitalists are putting money into young companies to spur the development of encryption products. New companies are launching products to help manage and simplify encryption.

With all this activity, is it safe to assume that companies are starting to embrace encryption as a pillar of their security infrastructures? Security experts and observers say yes, with the caveat that it’s a slow march toward full-blown encryption adoption.

With the threat of a data breach looming large over every corporation that handles sensitive information, encryption has become the No. 1 answer to the question, 'How do I protect myself?' Then there are the mandates -- the Health Insurance Portability and Accountability Act, Graham-Leach-Bliley, Sarbanes-Oxley, the Payment Card Industry data security standard, and other regulations -- that require data protection, for which encryption is again the obvious answer.

“All this stuff is making people responsible for losing data, and the only way to protect it is to encrypt it,” says Pascal Luck, managing partner with venture-capital firm Core Capital in Washington, D.C., which in 2005 invested in Trust Digital, which encrypts information stored on smart phones.

Click to see: Chart showing increased encryption

Add the fact that encryption products are getting less expensive and easier to use, and it makes sense that the findings of an August survey by Forrester Research indicate 62 % of corporate security professionals are increasing their encryption deployments.

Most companies, however, haven’t achieved encryption nirvana -- where unified policies are deployed throughout the organization that automatically encrypt sensitive data regardless of where it is stored or sent -- quite yet.

“We know we want to have [sensitive data] encrypted when it goes out the door, and we need certain policies to do that, we don’t want it to be willy-nilly” says Bob Gorrie, information security project manager with Bethesda, Md.-based USEC, a supplier of enriched uranium fuel for commercial nuclear power plants.

The company uses IronPort Systems' e-mail security appliance, which comes with some policies for encrypting the sensitive data found in outbound messages, but Gorrie says those policies need to be tested and refined. “Until you test them one at a time, you can set a policy and get a lot of false positives,” he says.