Skip Links

Data encryption's adoption grows

Data breaches, regulations, simpler products pave way for increased encryption adoption

By , Network World
October 25, 2007 04:53 PM ET

Network World - Large security vendors are buying up encryption start-ups. Venture capitalists are putting money into young companies to spur the development of encryption products. New companies are launching products to help manage and simplify encryption.

With all this activity, is it safe to assume that companies are starting to embrace encryption as a pillar of their security infrastructures? Security experts and observers say yes, with the caveat that it’s a slow march toward full-blown encryption adoption.

With the threat of a data breach looming large over every corporation that handles sensitive information, encryption has become the No. 1 answer to the question, 'How do I protect myself?' Then there are the mandates -- the Health Insurance Portability and Accountability Act, Graham-Leach-Bliley, Sarbanes-Oxley, the Payment Card Industry data security standard, and other regulations -- that require data protection, for which encryption is again the obvious answer.

“All this stuff is making people responsible for losing data, and the only way to protect it is to encrypt it,” says Pascal Luck, managing partner with venture-capital firm Core Capital in Washington, D.C., which in 2005 invested in Trust Digital, which encrypts information stored on smart phones.

Add the fact that encryption products are getting less expensive and easier to use, and it makes sense that the findings of an August survey by Forrester Research indicate 62 % of corporate security professionals are increasing their encryption deployments.

Most companies, however, haven’t achieved encryption nirvana -- where unified policies are deployed throughout the organization that automatically encrypt sensitive data regardless of where it is stored or sent -- quite yet.

“We know we want to have [sensitive data] encrypted when it goes out the door, and we need certain policies to do that, we don’t want it to be willy-nilly” says Bob Gorrie, information security project manager with Bethesda, Md.-based USEC, a supplier of enriched uranium fuel for commercial nuclear power plants.

The company uses IronPort Systems' e-mail security appliance, which comes with some policies for encrypting the sensitive data found in outbound messages, but Gorrie says those policies need to be tested and refined. “Until you test them one at a time, you can set a policy and get a lot of false positives,” he says.

Still, some advances are being made that will help nudge companies toward wider adoption of encryption.

For one, encryption vendors have not evaded the consolidation that’s happening across the security industry, as larger companies make acquisitions. This is generally good for customers because it means encryption often becomes a feature of an existing product, as opposed to being a stand-alone offering that needs to be purchased separately and integrated on site.

Late last year IronPort– now a subsidiary of Cisco – bought e-mail encryption vendor PostX in an all-stock transaction, and has integrated PostX’s product on its e-mail security appliances. Earlier this month, McAfee snapped up hard-drive and file-encryption maker SafeBoot for $350 million, and plans to add the company’s technology to its data-leak prevention offerings. Last November Check Point Software bought Pointsec Mobile Technologies, provider of data encryption devices, for $586 million.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News