News Stay informed about the latest enterprise technology news and product updates.

Regulations spark growing demand for data encryption

Sarbanes-Oxley and HIPAA are prompting IT managers to use encryption for securing personal data on mobile devices. Microsoft is responding with its own encryption toolkit.

Regulations mandating customer privacy and confidentiality have spurred corporations to increasingly use encryption to protect data -- a practice that will likely keep growing.

Recent regulations including Sarbanes-Oxley and HIPAA require certain information, such as a patient's medical information, to be kept confidential at all times.

More encryption stories:
Mobile device encryption -- a practice not often applied

TJX breach: There's no excuse to skip data encryption

Federal government pushes full-disk encryption

End-to-end encryption for Windows Vista systems: BitLocker

As more workers use laptops and other devices like PDAs and smart phones to do their jobs, the use of data encryption will continue to rise, according to Diane Kelley, a security analyst for the Burton Group, a research firm based in Midvale, Utah.

In response to this growing need of enterprise users to protect data, Microsoft is developing a Data Encryption Toolkit for Mobile PCs. The toolkit, which has a beta program for users, will include guidance on how to configure and use encryption technology. It also has tools that automatically identify what data should be encrypted.

"Customers were asking us, 'can you help us meet these regulation requirements?' " said Russ Humphries, a senior product manager in Microsoft's Vista Client Security. "We wanted to help them leverage the technology that already existed in Windows XP and Windows Vista in an easy set of tools," he said.

Microsoft's toolkit will reportedly help users take advantage of existing encryption technology in Windows XP Professional and Windows Vista. The company said it will incorporate beta user input to improve the toolkit before it releases the final product later this year.

Millions of customer records violated

With more than a million personal records breached since January 2005, it's not surprising that companies are turning to encryption to keep data secure. Those figures were compiled by the Privacy Rights Clearinghouse, a nonprofit consumer information and advocacy organization in San Diego, Calif.

Jonathan White, chief information officer of Forest, Miss.-based Community Bancshares of Mississippi, said his organization is one of those that is considering how to encrypt more areas of its Windows-based network.

"It's on our radar screen, although we don't have a formal project we're pursuing," White said. His group of community banks does not have a lot of laptops, but there are a number of Windows Mobile 5.0 devices in use, such as RIM's BlackBerry and Cingular's BlackJack.

Community Bancshares has long kept passwords and IP addresses data encrypted through third-party applications, he said. When the company transmits information between its data center and its banking locations, it encrypts data using features in Exchange Server 2007. It can also wipe data from lost or stolen mobile devices using Secure Socket Layer technology. The company will continue to look for ways to protect its data by encryption, he said.

Toolkit uses BitLocker technology

Microsoft's Data Encryption Toolkit for Mobile PCs provides guidance on how large corporations can take advantage of the company's BitLocker technology, which encrypts all data on a hard disk, and the Encrypting File System, which encrypts folders and individual files selected by the user.

It also includes the Encrypting File System Assistant tool that helps enforce EFS encryption policies on mobile devices through Group Policy. The tool automatically detects files that should be encrypted, and it can be configured to regularly scan hard disks for files that are good candidates for encryption.

IT departments are under increasing pressure from a variety of regulations to protect important data, Kelley said. Many companies have turned to encryption to protect data in transit, she said, particularly data from laptops and other mobile devices on the road or in remote offices.

She expects the number of those companies to keep growing. "It's a result of increased regulations and worries about reputational risk," Kelley said. "No one wants to be in the news as TJX was with their data breach."

Dig Deeper on Enterprise infrastructure management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.