MOST DO NOT HAVE SOLID ENCRYPTION POLICIES OR AUTOMATED SYSTEMS
One of the fundamental problems in the context of corporate encryption is that many organizations do not have email-related policies that meet their requirements to protect confidential email and attachments. For example, as shown in the following table, only 38% of organizations believe that their encryption-related policies for confidential email and attachments meet their needs or meet them well.
- Appropriate use of email 61%
- Employees’ personal use of email 55%
- Retention periods for email-based records 53%
- Including disclaimers in outbound email 53%
- Deletion policies for email-based records 50%
- Ensuring that employees understand corporate email policy 46%
- Ensuring that employees understand email belongs to the employer 41%
- Ensuring that employees follow corporate email policy 40%
- Defending against leakage of sensitive information 39%
- Use of encryption for confidential email and attachments 38%
- Use of personal Webmail accounts 36%
SOME SOLUTIONS ARE CUMBERSOME
Some early-generation encryption solutions were too difficult for users to employ as a normal part of their daily work, and so were not used to the extent they should have been or, in many cases, were not used at all. Some of these solutions were also not scalable and required a great deal of IT effort to maintain. As a result, many think of encryption as cumbersome and so perceive that newer solutions are saddled with the same problems as their predecessors. While that is not the case for most of the newer solutions, the perception still exists in the minds of many decision makers.
SOLUTIONS NEED TO BE OPTIMIZED FOR A MOBILE EXPERIENCE
Because of BYOD and the general trend toward greater mobility in the workplace, the mobile experience is becoming a more important decision point. When evaluating email encryption solutions, it is essential to consider those solutions’ support for sending, receiving, encrypting and decrypting messages across a wide array of mobile devices and with the user experience as a front-of-mind consideration. Ideal encryption solutions will support all popular mobile devices without requiring the installation of plug-ins or additional software.
Part of the mobile encryption experience that must be considered is that typing strong passwords on a small screen is not easy and is prone to error. In addition, the use of PINs for authentication is cumbersome, particularly on mobile devices, and PINs are relatively easy to guess because about one-quarter of them are a spouse’s birthday. Still, PINs are preferable to passwords, largely because mobile devices use auto correction when entering text, making password entry tedious and time-consuming (about 20-30 seconds for the typical password on a mobile device).