7 common myths about data encryption

Although data encryption is becoming a valuable resource to protect against breached PHI, according to a new report by WinMagic Data Security, certain myths and misconceptions about it still exist.

"IT professionals, at the enterprise level, frequently turn to encryption for protecting data," read the report. "Although encryption is a proven technology that delivers strong, effective data security, common myths and misconceptions about it persist, even among some people who are generally knowledgeable about computers. All too often, the myths surrounding encryption are based on misunderstanding of the technology or outdated concepts."

The report outlines and debunks seven common myths about data encryption. 

1. Passwords protect laptops. Although it may seem like a username and password is enough to protect your laptop, read the report, this practice is "woefully inadequate" if your laptop is lost or stolen. In fact, those with little experience can remove the hard drive from a laptop and access data contents from another system. "A variety of common hacking tools can make short work of the username and password combinations that normally protect a laptop during login," read the report. Relying on password protection alone for casual computer use works for some, but for enterprise applications, passwords alone are "weak and unacceptable, nor are they a suitable method for meeting regulatory requirements."

2. Data encryption slows performance and lowers productivity. Historically, data encryption did slow down less-powerful computer processors. "To many users, this seemed like an unacceptable trade-off to pay for the benefits of data security," according to the report. "It also established data encryption in many people's minds as a technology that caused poor performance." However, encryption operations that were once performed in software, read the report, are now carried out more efficiently in processor hardware, and as a result, most users on modern systems don't even notice when the encryption is taking place. "Although mobile computing devices – such as tablets, laptops and smartphones – don't have the same processing capacities as desktop machines, typically, even their processors can efficiently handle encryption fairly transparently."


3. Deploying data encryption solutions can be a challenge. For organizations with thousands of employees, data encryption solutions without a single point of control can be a challenge to plan, deploy, implement and maintain. But well-designed solutions offer features, such as a management console, that alleviate some of the headaches. "This ensures consistency in maintaining the highest standard to meet corporate and regulatory policies," read the report. "It also eases the IT burden, particularly in comparison with solutions that require several components." Other aspects of data encryption solutions that have made their implementation easier include their level of transparency, their impact on IT operations, and the changes required of certain processes.

4. Enterprise encryption solutions are too expensive. Although a laptop costs as little as $300 these days, the financial repercussions if the laptop is breached can easily dwarf the expense, the report shows. According to a Ponemon Institute study, which surveyed 329 private and public sector organizations in the U.S., the use of data encryption can save organizations, on average, $20,000 per laptop, if sensitive data happens to be breached. "Companies evaluating the costs of data encryption solutions should factor in the true cost, rather than simply the relatively trivial cost of the hardware itself," it read.

Continued on the next page.


Showing 2 Comments

Neil Henry says: Thinking threat models

Great content in this article. My (unscientific) perception is that endpoints are actually the larger threat. I understand that most of the regulations are focused on encryption policies for data in motion and/or at rest... But it seems that for every breach I hear about due to gaps in web server administration, I hear of 6+ due to losing control of laptops/endpoints.

I think we would agree that a coherent (unified) management approach to both threat models is really an unmet need.

Tina Stewart says: healthcare orgs need a strategy

Michelle, this is a very good primer on endpoint encryption, which is only one side of the coin. In the healthcare sector, server and database encryption is an even bigger issue since the stakes associated with a breach of these systems are so large. Here’s an interesting overview of the myths surrounding database encryption. http://zd.net/wnaexC. Whether it’s endpoint or server and database encryption, healthcare organizations need an enterprise strategy for data encryption management. Here’s an informative report on this topic by analyst firm Enterprise Strategy Group. http://bit.ly/IbFk20