Enterprise security teams have long struggled with the complexity of encryption and key management. While integrated solutions are starting to make it easier to encode and decode critical data, the goal of enterprisewide encryption has greatly increased the time it takes for security teams to cover their bases.
In fact, for many it could be a resource-sucking nightmare.
"Most enterprise encryption products require investments in data compartmentalization, account management, and user training in order to be effective," says Ryan Shaw, co-founder at Bionic. "Unfortunately, many organizations just can't afford that investment."
Add to that, most solutions don't offer protection from an advanced and determined attacker — another reason why many organizations have not embraced enterprisewide encryption, Shaw says. It also becomes complicated due to competing priorities among the different lines of businesses, each with their own ideas of what serves the business objectives and yields the best return on investment.
Not So FastDespite these legitimate obstacles, enterprise encryption is still a mandate for many security teams — though it doesn't have to be all or nothing.
Rather than taking an all or nothing approach, organizations should begin with the core elements of good cyber hygiene inherent in full disk encryption and transport layer security (TLS). Organizations that are not burdened with budgetary restraints are more likely able to make use of them for data at rest and for data in transit.
"Cloud providers, such as Amazon and Microsoft, also have robu ..
Support the originator by clicking the read the rest link below.
