Thanks to a wave of attacks and some controversial requests for data on the part of a number of government entities, usage of encryption has increased considerably in the last year. The challenge facing many IT organizations is figuring out how to manage the ongoing usage of encrypted files inside and outside of their organization.
To address that challenge, Sophos today rolled out Sophos SafeGuard Encryption 8, which makes use of a synchronized communications framework that Sophos employs across its portfolio of security offerings to reduce the friction associated with managing encryption across multiple platforms.
Dan Schiappa, senior vice president and general manager for Enduser Security Group at Sophos, says one of the primary reasons encryption is not universally employed is that, in its current form, it’s too difficult to practically manage. Sophos SafeGuard Encryption 8 not only automatically encrypts each file by default in a way that is transparent to the end user, it gives the IT organization more control over those encrypted files. For example, Schiappa says IT organizations can revoke encryption keys when they discover that a device has been compromised by malware. Schiappa notes that SafeGuard Encryption also synchronizes encryption keys with Sophos Mobile Control, which secures file access rights on smartphones and tablets using a HTML5-based Sophos container.
Sophos SafeGuard Encryption 8, says Schiappa, is the latest instance of a Sophos approach to IT security that focuses on listening to the heartbeat of the endpoint. Regardless of the use case, Schiappa says it’s clear that cybercriminals are trying to compromise endpoints to gain access to data anywhere in the enterprise. Now various regulatory bodies have come to recognize these threats. The European Union, for example, has instituted a General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018. Companies holding customer or employee data of EU citizens will face financial penalties of up to 4 percent of annual worldwide revenue if they suffer a data breach.
Of course, governments are not always the biggest fans of encryption. But when it comes to securing data, encryption is the most effective method available. The issue at this point isn’t so much whether organizations will make broader use of encryption, but rather how best to manage it in a world full of multiple devices running applications that may or may not belong to the organization.