Most IT departments understand the requirements of a data loss prevention strategy to secure traditional mobile devices such as laptops and USB keys. But one vendor warns there is a lack of attention to e-mail encryption because it is often regarded as a distinct security topic.
“It appears to (IT departments) to be a totally different arena,” said Ginsberg. “But it isn’t.”
Despite the proliferation of smart phones, IT departments continue to underestimate the danger in travelling information between devices, said Ginsberg.
Moreover, the plethora of operating systems makes e-mail encryption management tricky not just for IT departments but for vendors developing offerings for customers. While the messaging market is predominated by Microsoft Outlook, Ginsberg said there are a variety of operating systems that vendors must deal with.
“RIM has its own OS. Apple not only has its own OS, it’s decidedly closed. Android is a relatively new entrant,” said Ginsberg.
IT departments need an e-mail encryption approach that places that management away from the handset which is then left to be the delivery and access mechanism that it is, said Ginsberg. “Mobility is generally quite Web-centric. The ultimate solution lies in the cloud,” he said.
Web portals, said Ginsberg, is a good central approach for IT departments to manage authenticity, certification and audit trails. The success of the BlackBerry Enterprise Server, he believes, is largely due to the security technology being precisely an “interim device” for remote control.
Also in the e-mail encryption market, McAfee Inc. offers a hosted service with what it calls “bidirectional encryption” for enterprises with mobile workforces tethered to smart phones.
And, last March, Symantec Corp. acquired two encryption technology vendors, PGP and GuardianEdge, with the intent of bolstering its e-mail encryption portfolio. Jaquith predicted in the short term, Symantec would add e-mail encryption to its secure e-mail and DLP gateways. And in the longer term, would layer encryption capabilities across its DLP, backup, archiving and cloud offerings.
“Overall, these deals are very positive for Symantec and its customers and will challenge smaller security companies and encryption specialists to raise their games,” wrote Jaquith.
Ginsberg said an IT department’s security strategy must include an encryption platform regardless of device where “the procedures and identities are common to all the devices and dynamics.”
While Ginsberg hasn’t observed e-mail encryption being generally rapidly adopted, he does think the fact that it falls in the privacy bucket will give it a much needed push.
“There is the recognition now by legislative bodies that data is mobile … the answer to security is not access control. It’s data encryption,” said Ginsberg.
Follow Kathleen Lau on Twitter: @KathleenLau