Educating Decision Makers About the Need for Encryption

Osterman Research Sponsored by ZixCorp
Date of Publication: 
August 2010

Knowledge Base item Tags:



Sensitive and confidential messages and documents – proposals, contracts, purchase orders, personnel records, discussion threads between senior managers, etc. – are sent via email, instant messaging, in unified communications systems and file transfer systems in just about every organization. This information is stored on desktop computers, laptops, smartphones, backup tapes, archives, file servers and other data repositories. However, despite the sensitivity of much of this information, the vast majority of it is never encrypted but instead left vulnerable for interception and review by virtually anyone inside or outside of an organization.

Is that a problem?

Yes. Not only does it violate best practice and common sense to make sensitive and confidential information available to unauthorized parties, either through inadvertent discovery or malicious intent, doing so also violates a growing number of local, national and international statutes focused on data privacy and content protection. For example, 46 US states and one Canadian province now have data breach notification laws, obligating those who lose or expose data to expensive remediation procedures. The US government imposes similar penalties on those who lose even a small number of patient health or financial records. Add to this a growing number of nations that are considering or have passed data breach notification requirements.

However, encrypting sensitive and confidential content is not just about avoiding negative consequences. Encryption can also provide distinct competitive advantage, allowing companies to win new customers and boost retention rates for existing customers. It can reduce the cost of communicating with customers and prospects. It can enable faster and better ways of improving customer outcomes. And, it can enable new business opportunities that would not exist in the absence of good encryption capabilities.


The bottom line is that:
•    The use of good encryption technology can reduce an organization’s risk of non- compliance, and
•    It can produce new opportunities for revenue generation and competitive advantage that would not otherwise be available.