Last week I attended an event in Seattle; it was a small, intimate group setting where a number of vendors talked about IT security with key business leaders. It was an interesting day full of discussion around how to secure the enterprise ranging from the cloud to end point devices.
The main thing about this event was all about having discussions with key CISOs and their teams about IT Security. It wasn’t about sales pitches, it was about the dialogue. It was a refreshing change as a presenter and forced me out of my traditional comfort zone to really focus on the conversation not my content.
It was in those discussions that a number of key things really came to light. The one that stands out the most is the definition of hardware-based encryption. As a data encryption vendor, our definition of hardware-based encryption is almost always a reference to things such as Self Encrypting Drives (SEDs). However, that reference was seen as something completely different by the people I was talking to in the room – they were thinking of back-end server appliances such as security gateways etc. When I asked how many of the organizations in the room used hardware-based encryption solutions a lot of hands went up – which was a huge surprise.
When I clarified what I was talking about and asked how many organizations in the room used SEDs, not a single hand was raised. This was more in line with my expectations but still somewhat surprising at the lack of adoption. There’s still a common misconception around SEDs that they’re expensive and difficult to manage.
In asking about their main concerns with integrating SEDs into their environment, these executives and administrators said the main stumbling block was central management and how creating a mixed environment with SEDs and software encryption would be a nightmare to try and manage. The fact is there are solutions out there that remove this kind of complexity.
Of course its self serving for me to say but it’s true, SecureDoc can seamlessly manage mixed environments without issue. When I pointed out that SecureDoc can intelligently determine if a client has an SED and make the decision to use the hardware based encryption install of installing software encryption a lot of eyebrows were raised.
The ultimate goal of the event was to have good, healthy discussions about IT Security and I think that was accomplished. The fact I had the opportunity to educate organizations about why encryption solutions don’t have to be complicated was a bonus. It’s always fun to educate people and dispel traditional misconceptions about technology.