Content Copyright © 2009 Bloor. All Rights Reserved.
In March 2009 Bloor Research released a Market Update on the
subject of Data Encryption.
The past year has, yet again, seen significant data loss
incidents that could have easily been avoided if sensible data encryption had
been implemented. Gradually the flood of horror stories are forcing a rethink
across both the private and public sectors as they grasp the significant impact a data loss incident can have on
customers, clients or citizens.
Arguably the protection of data should be one of the top
objectives of any IT function. Encryption, which is the process of taking a
piece of data and obscuring it so that unauthorised people cannot view it
should therefore be fundamental to the work of an IT department in any sizeable
organisation. Small and medium sized businesses are also realising that data
protection, in the form of encryption, is for them as well.
Encryption has always been surrounded with a mystique that
seems designed to confuse anyone other than the most technically adept.
Ultimately the key business decision is to protect data, the way this is done
is not that relevant at a business level. What is of interest is the cost
associated with managing such a security model. In particular the way in which
keys, which enable data to be encrypted/decrypted, are managed can have a
significant affect on the cost of owning a solution.
Encryption vendors range from very small, technically clever
businesses through to much larger and significant players in the world of data
encryption products. Any decision to embark on a data encryption purchase needs
to be taken at a strategic level within an organisation as a customer will be closely
aligned to their encryption supplier for a long time. Replacing an encryption
solution with another is a complex, time consuming task so it is better to make
the best decision at the beginning. An encryption supplier needs to be assessed
for their stability and maturity as well as their product set as customers need
to be assured that the supplier will be around in years to come.
Historically confidential data may only have been handled by
a select few members of an executive team, but now it is likely to be accessed
by all levels of staff throughout an organisation. Increasingly having a secure, encrypted IT
infrastructure is a prerequisite for dealing electronically with many financial
and institutional data suppliers such as banks and brokerages.
This prevalence of confidential information across a
business posses a challenge to corporate policy makers and the IT departments
who are tasked with keeping the data secure. Countless cases have been
highlighted over the past year where staff at all levels have accessed vast
amounts of valuable data only for it to stolen from unprotected laptops,
transferred to business partner servers, or sent via email to recipients with
uncertain security. The downturn in the global economy has forced many out of work.
Where in the past this may have been production or manual workers, the latest
downturn is affecting knowledge workers that have access to computer systems
and data. Often bearing a grudge or resenting the decision to let them go
ex-employees will often remove data in the form of customer lists, email
accounts or other sensitive data. Clearly being fired stretches the loyalty of
the most diligent of employees.
Various legislation is now in place, in some jurisdictions,
to force data owners to publicly disclose if confidential data is lost. This
requirement is removed if the data is encrypted.
Stresses in the global economy are putting even more data at
risk of inappropriate access. Data encryption, in what ever format, is here to
stay as it forms an integral component of a secure computing environment. This
market update has highlighted key players and how they are striving to innovate
in the encryption market. Inevitably the larger and more stable vendors will
win business from large and enterprise sized customers but there is still
demand for innovative solutions from the small encryption vendors.
One year on the strategic deployment of encryption solutions
is still seen as difficult by many organisations and vendors must work hard to
provide a product set that can be rolled out systematically over a period of
time. Many customers have had a bad experience of encryption solutions and need
reassurance that a new solution will be fit for purpose. Of significant concern
will be key management and how this can be made more manageable than in the
past – this appears to still be the number one issue with customers that have
had a bad experience with encryption. The development of the OASIS open key
management protocol will be followed with interest by many.
Debates about email encryption architectures will continue,
but ultimately it is up to a customer organisation to deploy an email
encryption solution that best fits their messaging infrastructure. Either
choice of encryption is better than none, bearing in mind the quantity and
quality of data that is communicated via email.
Inevitably the distinction between encryption and data leak
prevention will continue to erode as vendors talk of a more comprehensive
Enterprise Data Protection architecture. This will take time as acquisitions
and partnerships need to settle down and technologies shared. At the lower end
of the market, for example individual consumers and very small businesses,
there will still be demand for basic encryption as a stand alone offering as
they do not face the same management issues as larger enterprises. This will
continue to provide an opportunity for the more tactical encryption vendors.
This next year will continue to see a colossal change in the
worldwide financial system and the associated risks to data of all forms. The
need for decent encryption should therefore be very high on any IT security
The Market Update is available free of charge at BloorAnswers.com and features a number of vendors including;
- Credant Technologies
- Mobile Armor
- FrontRange Solutions
- Tumbleweed Communications
- Voltage Security