Organisations large and small are investing in digital transformation programs, cloud migration projects, and enterprise mobility initiatives with a view to growing the business and increasing operating efficiency.
However, corporate information security management policies do not appear to be adapting quickly enough to cope with the tumultuous rate of change imposed by the rapidly evolving business and technological landscape.
“Although encryption has been around for many years, it has come to the fore again recently as a means of making it more difficult to gain unauthorised access to sensitive or confidential information, especially within the context of mobile devices,” says Richard Edwards, research analyst, Ovum.
“We fully expect increased adoption of encryption technologies in the near term as organisations bolster conventional approaches to information security management in an attempt to stem the flow of data leakage incidents and privacy breaches.”
Edwards believes that most data will eventually be encrypted at rest and/or in motion; however, for a variety of technical, practical, and legislative reasons, organisations must be diligent and meticulous in their use of this technology, with the customer and employee experience being of paramount importance.
“Companies can prioritise the encryption of corporate data by carrying out a data classification exercise across their business processes and IT infrastructure,” Edwards adds.
For Edwards, data classification can be a “resource-intensive and costly” process: a manual classification takes time and resources to implement in the first place, and it also requires employees to stay aware of changing classification policies going forward.
There is also the issue of applying policies to information and data items that are already in motion or in distribution channels.
While training can help raise the awareness of data privacy and information security management issues, Edwards believes organisations must first focus on the basics, which means putting in place a set of “robust, reliable, and easy-to-use” solutions to address the most common data-related activities that employees undertake every day.
“For most enterprises, this means improving email information security management and adopting a more proactive approach to the distribution and sharing of file attachments,” he explains.
Going forward, Edwards says the only realistic way of managing and maintaining such processes is to instantiate the organisation’s information security management regime through the use of automated, policy-driven implementations.
“And in the case of email messaging and file sharing/transfers, this means adopting solutions that are capable of securing data in motion as well as data at rest, both on-premise and in the cloud, and in a manner that is near enough invisible to the business end user,” he adds.