In order to properly secure confidential information -- everything from trade secrets to financial data and personal identity information -- corporations need policy-based e-mail encryption.

But securing data in motion hasn’t yet achieved critical mass. In a March survey of e-mail decision makers at more than 400 large enterprises, Proofpoint asked respondents what percentage of e-mail that should be encrypted is actually being sent that way. On average, the answer is “less than half.” Furthermore, a quarter of respondents said they “don’t know” the answer to the question.

Even though 35% of survey respondents said they intend to deploy a policy-based encryption solution, concerns around administrative burdens, infrastructure costs, ease-of-use and effectiveness have made some organizations hesitant to take the plunge.

The reality is that traditional encryption solutions -- which require extensive storage and backup, daunting key management requirements and significant end-user training -- have been outpaced by approaches that are easy to administer and use, and, most importantly, allow employees to continue to use e-mail but in a secure fashion.

Safeguarding private information

Few organizations are immune from today’s regulatory mandates, many of which require organizations to deploy e-mail encryption as part of their messaging security architecture. The Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act, Federal Information Security Management Act and many individual state laws provide guidelines for implementing best practices for handling private information via e-mail and other electronic communications. However, regulatory compliance concerns are only part of the reason encryption solutions should be a component of an organization’s overall messaging security architecture.

A quick hit of the “send” button could result in a competitor getting hold of confidential product-launch plans, the exposure of customer Social Security numbers, a premature leak of corporate financial information or patient medical records being revealed to the masses. The financial and legal ramifications of these situations would be enormous, not to mention the potential negative impact on an organization’s reputation.