Unlocking encryption management

As encryption technology becomes more user-friendly and manageable, more businesses are adding standalone encryption platforms to their IT security

Someday, encryption features built into a wide range of IT products -- from operating systems and messaging gateways to hard drives and storage systems -- may work in concert to offer central policy enforcement across different types of network assets and devices.

Until that day arrives, however, companies embracing the tools have become dependent on standalone encryption platforms to give them distributed control and policy enforcement across their IT systems.

Long known as much for their complexity and demand for hands-on care and feeding as they have been valued for their protective qualities, encryption platforms are finally finding their way into a number of large businesses.

This growth in adoption has been driven by the proliferation of data protection regulations and based on the availability of products that address the hardest elements of encryption technology -- policy enforcement and key management, industry watchers contend.

"The performing of the encryption itself is something that generally belongs close to whatever type of data you are trying to encrypt, whether that is e-mail, network traffic, or a database, but companies are buying into technologies today that allow them to do centralized policy enforcement and key management," said Paul Stamp, analyst with Forrester Research.

"It's great in theory to say that all of this activity needs to happen in the infrastructure components themselves," he said. "But that's not a reality yet in terms of allowing for centralized management, so customers are turning to these platforms in the meantime."

End-users agree that encryption has long been a security process they desired to implement but couldn't stomach based on issues of complexity.

The arrival of more usable encryption technology over the last few years has helped eliminate some of the traditional roadblocks, according to some corporate users.

"From my previous experience with e-mail encryption, I had two major concerns with using the tools: Key management and any dependence on the end-user to make the systems work right," said Michael Gabriel, corporate information security officer for Career Education Corporation (CEC) a higher-education provider that operates more than 75 colleges, schools, and universities.

"I haven't ever seen an encryption project where management wasn't a major sticking point, that has been the history of the technology, but it seems that the vendors are finally getting it right," Gabriel said. "Compared to mapping the business process, putting the technology in place was a breeze. The only real sticking point was getting the data flow."

CEC is using encryption tools made by PGP in cooperation with its data leakage prevention and e-mail filtering systems to protect sensitive information being passed among its employees.

Gabriel said that PGP's embedded key management capabilities may be the most valuable aspect of the system -- a feature that simply didn't exist in the past.

Other PGP users echoed those sentiments, saying that encryption tools have advanced significantly over the past several years in terms of eliminating the management headaches that have made it challenging to deploy the systems on a wider basis.

At American National Insurance Company, IT leaders said that the financial services company had been considering broader use of encryption for several years before the combination of more streamlined technologies and increasing pressure in the form of compliance regulations encouraged the firm to dive in.

Today, the company is using PGP tools to both obscure sensitive e-mails and provide whole disk encryption to protect data stored on its desktop and laptop computers.

"We'd been looking at encryption closely since at least 2005, driven largely by the laws and compliance regulations that were being passed; we needed better e-mail security because we realized after sampling that we had a problem, and knew that we wanted to better protect sensitive information on our computers," said Ken Juneau assistant vice president of Information Technology Services at ANICO.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?