People tend to make things more complicated than they need to be. Left unchecked, an “encryption strategy” can quickly become overwhelmingly intricate:
Which employee in which department is entitled to access which data, and how often? Which data need to be included in mandatory encryption? When might encryption be necessary in particular circumstances only? How do we define these requirements? Moreover, are there data whose relevance for encryption cannot yet be determined as things stand? What happens when all the rules that are used to classify data in terms of their encryption requirements fail, and precisely these data are breached? … There are many important questions.
Alternatively, organizations can take the easy approach and say: We will encrypt everything as a matter of course! After all, all of our data are equally important and require equal protection!
Further along the line, of course, it is necessary to ensure that the encryption solution is transparent – with regard to encryption and decryption as well as to data access. And the best encryption is one that users will not even notice.
Sophos SafeGuard: The uncomplicated way to encrypt your data immediately after its creation
I want to point out the Sophos product SafeGuard as an example. SafeGuard was originally developed by Utimaco, a German IT security solutions vendor. Sophos took over Utimaco in the middle of 2008, and included SafeGuard in its portfolio.
Sophos SafeGuard encrypts content immediately after its creation. Encryption takes place without interruption and therefore does not disrupt normal workflows. Whether a file is encrypted on your colleague Mike’s Mac and then decrypted on Joe’s Windows device, or data are exchanged inside the company or with external parties, SafeGuard provides a handy and easily manageable solution.