Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers to the adoption of data encryption solutions.

One of the key points of discussion for this session was the fact that many things are changing in the market today. What was once a very stable market historically is now experiencing huge changes thanks to various regulations being evaluated by government or things like cloud storage solutions. So while data storage encryption isn’t mandatory for the majority of organizations, it’s suddenly becoming a very hot topic. A great statistic presented by Gartner in this session was:

“By 2016 only 25% of enterprise located within data breach notification jurisdictions, will encrypt centrally stored personal or health data.”

Given the number breaches in the last year alone at various healthcare and other organizations, this is a staggering number. But what’s driving this is the fact many of the regulations out there aren’t mandatory… yet. The end message was that organizations really need to evaluate the various regulations and balance them against security controls and risk mitigation issues when considering how to best deploy encryption solutions.

Tying into the concept of regulations, is the impact of cloud and how that affects an organization and the data they’re storing. Many cloud providers aren’t local to a particular country and that could mean data is stored across borders and jurisdictions. What does that mean when legal protection is required? Additionally, what about countries that required specific security requirements for the privacy of data? If it’s in the cloud in another country or jurisdiction is that requirement still valid?

What it all came down to when discussing the risks and benefits is the fact that data encryption solutions offer risk mitigation. They’re like insurance in the event data is lost or stolen. They can help minimize the requirements for reporting data loss (if encrypted) and when dealing with the cloud, offer better protection than the ‘built-in’ security cloud providers offer.

Right now, the cloud is one of the most complicated issues surrounding data encryption and security. The goal should be to encrypt data in the cloud but keep keys locally with the organization. It sounds simple but it’s a tricky subject matter. We’re working to address this solution for customers and hope to be able to show off something pretty cool in the near future.

Previous Post
Emergency Services Organization Need Protection Too
Next Post
All for One

Related Posts

Constant Improvement

Late last year we introduced SecureDoc 6.1 and introduced a whole host of new features including MDM, FileVault 2 management capabilities, a Web-based console and more. As with any new release there are kinks that can be worked out and…

On the Right Track for India Expansion

WinMagic has been on a roll lately working with partners like Guidance Software and our ongoing relationships with HP, Lenovo and Motion Computing. We’ve also focused on our global growth this year expanding our business in India. (more…)
Read more

Encryption Alphabet Soup

Learning a multiplicity of acronyms is pretty much a requirement for navigating any discipline. Every field has its own set of acronyms and the sequence of 3 or 4 letters that usually make up the acronym most likely has a…

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu