Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers to the adoption of data encryption solutions.

One of the key points of discussion for this session was the fact that many things are changing in the market today. What was once a very stable market historically is now experiencing huge changes thanks to various regulations being evaluated by government or things like cloud storage solutions. So while data storage encryption isn’t mandatory for the majority of organizations, it’s suddenly becoming a very hot topic. A great statistic presented by Gartner in this session was:

“By 2016 only 25% of enterprise located within data breach notification jurisdictions, will encrypt centrally stored personal or health data.”

Given the number breaches in the last year alone at various healthcare and other organizations, this is a staggering number. But what’s driving this is the fact many of the regulations out there aren’t mandatory… yet. The end message was that organizations really need to evaluate the various regulations and balance them against security controls and risk mitigation issues when considering how to best deploy encryption solutions.

Tying into the concept of regulations, is the impact of cloud and how that affects an organization and the data they’re storing. Many cloud providers aren’t local to a particular country and that could mean data is stored across borders and jurisdictions. What does that mean when legal protection is required? Additionally, what about countries that required specific security requirements for the privacy of data? If it’s in the cloud in another country or jurisdiction is that requirement still valid?

What it all came down to when discussing the risks and benefits is the fact that data encryption solutions offer risk mitigation. They’re like insurance in the event data is lost or stolen. They can help minimize the requirements for reporting data loss (if encrypted) and when dealing with the cloud, offer better protection than the ‘built-in’ security cloud providers offer.

Right now, the cloud is one of the most complicated issues surrounding data encryption and security. The goal should be to encrypt data in the cloud but keep keys locally with the organization. It sounds simple but it’s a tricky subject matter. We’re working to address this solution for customers and hope to be able to show off something pretty cool in the near future.

Previous Post
Emergency Services Organization Need Protection Too
Next Post
All for One

Related Posts

Enterprise Encryption for Linux

Enterprise Encryption for Linux

Linux has built in encryption for several years now, yet enterprises still struggle with encryption on Linux laptops.  Why is that? To answer this question, let’s first review the disk encryption capabilities that are built into Linux: (more…)

Revisiting the TPM

TPMs have been shipping for nearly 8 years now.  WinMagic was an early adopter and supported TPM version 1.1 for full disk encryption before most.  We expanded our support to the more main stream version 1.2 TPMs when they started…

SecureDoc 6.2 is here!

As we teased last week, we have been gearing for a launch today and that launch is SecureDoc 6.2. Now, it may not seem like a significant step from 6.1 to 6.2, but it’s more than just what’s in the…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.