What you should know about data encryption

A new report from WinMagic Data Security acknowledges that misconceptions about data encryption persist – even among people who are generally knowledgeable about computers.

"All too often, the myths surrounding encryption are based on misunderstanding of the technology or outdated concepts," the report states. Facts support encryption as a proven technology that delivers strong, effective data security.

The report debunks seven common myths and outlines what you should know about data encryption.

1. Passwords protect laptops. Although it may seem like a username and password is enough to protect your laptop, according to the report, this practice is "woefully inadequate" if your laptop is lost or stolen. In fact, those with little experience can remove the hard drive from a laptop and access data contents from another system. "A variety of common hacking tools can make short work of the username and password combinations that normally protect a laptop during login," reads the report. Relying on password protection for casual computer use works for some, but passwords alone are "weak and unacceptable, nor are they a suitable method for meeting regulatory requirements."

2. Data encryption slows performance and lowers productivity. Historically, data encryption did slow down less-powerful computer processors. "To many users, this seemed like an unacceptable trade-off to pay for the benefits of data security," according to the report. "It also established data encryption in many peoples' minds as a technology that caused poor performance." However, encryption operations that were once performed in software, the report says, are carried out more efficiently in processor hardware, and as a result, most users on current systems don't even notice when the encryption is taking place. "Although mobile computing devices – such as tablets, laptops and smartphones – don't have the same processing capacities as desktop machines, typically, even their processors can efficiently handle encryption fairly transparently."

3. Deploying data encryption solutions can be a challenge. True, data encryption solutions without a single point-of-control can be a challenge to plan, deploy, implement and maintain. But, well-designed solutions offer aspects, like a management console, to alleviate some of the headaches. "This ensures consistency in maintaining the highest standard to meet corporate and regulatory policies," reads the report. "It also eases the IT burden, particularly in comparison with solutions that require several components."

4. Enterprise encryption solutions are too expensive. Although a laptop costs as little as $300 these days, the financial repercussions if the laptop is breached can easily dwarf the expense, the report shows. According to a Ponemon Institute study, which surveyed 329 private and public-sector organizations in the United States, the use of encryption data can save organizations, on average, $20,000 per laptop, if sensitive data happens to be breached. "Companies evaluating the costs of data encryption solutions should factor in the true cost, rather than simply the relatively trivial cost of the hardware itself," the report states.

5. OS-based encryption protection is sufficient. Encryption capabilities available through operating systems do offer some degree of protection against breaches, according to the report, but these solutions may lack manageability and cross-platform support. "For complying with regulatory mandates, data security solutions that let administrators centrally manage the key operations, determine the data content to encrypt, and ensure that corporate policies and practices are being followed, offer a more effective approach," the report reads. "When a centralized management approach is applied, the level of data security rises."

6. There is no compelling reason to encrypt data. According to the report, protection of assets, which is the primary reason for encrypting data, encompasses two major concerns that are fundamental to organizations of any size and include meeting local, state and federal regulations, as well as preventing unauthorized individuals from gaining access to PHI. "When implemented properly, encryption of sensitive data can satisfy the requirements of most laws and mandates," the report reads. "Data encryption backed by a solution that ensures organization-wide compliance serves these goals very effectively."

7. IT departments have no practical way to protect mobile devices. With the rising popularity of mobile devices comes a new imperative for data protection, according to the report. "Incorporating mobile devices, as well as equipment that runs diverse operating systems, can be an IT nightmare, unless a solution accommodates all types of computing devices in a uniform, consistent, manageable way," the report states. Since employees use mobile devices running on different platforms, it's important for devices to be integrated into the infrastructure and data security strategy. "A mechanism for protecting mobile devices should be an integral part of any serious data security solution," it explains. "Modern solutions allow you to monitor the data security status of all devices used by a user, irrespective of the form factor or operating system used, within a single administration console."