A new report published by Osterman Research and sponsored by e-mail security specialists CertifiedMail contends that many enterprises are still struggling to get sufficient messaging encryption technologies into place, to change internal perceptions about the systems as hard-to-use (and worth buying in the first place), or to make them work efficiently once installed.
According to the paper, a lack of understanding regarding the newer, easier-to-use encryption technologies available to organizations today, along with uncertainty as to what types of content needs to be obfuscated using the tools, remain among the most significant hurdles to encouraging broader use of the systems.
If you read between the lines, the report (which is understandably self-serving to CertifiedMail) essentially states that most organizations still view encryption technologies are hard to use, with fears that setting stricter automated controls for encrypting data may get in the way of legitimate business processes.
Of the 205 enterprises surveyed by Osterman:
-Users at 47 percent of the involved firms did not have the ability to send encrypted e-mail directly from their desktops.
-Only 45 percent of users could send encrypted e-mail manually through their e-mail clients.
-Only 13 percent of users could send encrypted e-mails automatically through some sort of policy-based encryption system.
-Some 27 percent of the organizations had experienced an accidental or malicious data leak during the previous 12 months.
-Of respondents that could send a manually encrypted e-mail, some 22 percent found doing so “somewhat difficult” or “difficult,” while another 44 percent consider sending encrypted e-mail manually to be “not too difficult.”
-Much of the belief that encrypted e-mail is generally difficult to use arises from the legacy of older technologies.
-Survey respondents indicated that if encrypting an e-mail could be accomplished by simply clicking a button in the e-mail client, even those “infrequent” users would be likely use encryption more frequently.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.