How To Combat Encryption Sprawl

By Richard Moulds, VP Strategy, Thales e-Security

Encryption isn’t new, but it is gaining new momentum. Used for decades in the financial and defense industries, encryption is on the rise again due in part to recent privacy concerns, aggressive data breaches, and laws regarding the disclosure of those breaches. Organizations from small to large are now seeing encryption technology not just as a nice-to-have but as a must-have.

Encryption has historically been used very narrowly to protect specific kinds of data. Now, though, it is being more ubiquitously deployed. For example, Google and other major email service providers are now encrypting email for their users. Online retailers could not stay in business without encryption. The proliferation of mobile devices has expanded attack surfaces, requiring enterprises to use encryption within their Internet IT systems.

As a multitude of encryption tools are deployed to protect a wide variety of data, these tools tend to create security silos. While a silo is better than no security, it creates added complexity to the security landscape and increases the risk of inconsistency and fragmentation — otherwise known as “encryption sprawl.” The growing popularity of cloud services only deepens the problem. If encryption were standardized, this would not be an issue. Though there are a few widely used encryption algorithms like RSA and AES, the silo effect remains. It’s important to understand what is available and what your organization requires in terms of data security to ensure an encryption strategy that offers the maximum in data protection.

Please log in or register below to read the full article.