There are many encryption challenges in the tech world today, particularly as the importance of encryption as a fundamental, rather than nice to have for data security, becomes the norm for businesses. An increasing number of organisations worldwide are adopting encryption to address the growing concerns of data safety and data privacy for compliance regulations.
The prevalence of data breaches has played a huge role in this along with the growth of mobile and public cloud services becoming the norm in the enterprise IT infrastructure. For example, there have been a number of hacks that have underlined the risks of using 3rd party storage or Enterprise File Sync and Share (EFSS) solutions as either a primary storage solution for corporate data or where employees are allowed to put corporate data onto their personal accounts.
But it’s not just the cloud services, working with files or cloud services through unauthorised hardware such as home computers or mobile devices, increases the risks to a company of a security breach taking place. This could be a hack, or data being shared accidentally in an unencrypted format to an unauthorised person. Devices off the corporate network, and in the shadows, are not protected to the same level as those known to corporate IT, and the same is true of cloud services. They will not be subject to the same corporate, regulatory (HIPPA, SOX, PCI, etc.) policies in relation to encryption, authentication, identity and access management, threat detection, device management, or something as straightforward as password policy. The new EU General Data Protection Regulation (GDPR) set to come into force in from 25th May 2018 will place significant responsibilities and penalties on those that process, or store data related to EU citizens, regardless of the company’s location in the world.