igor - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Readers' 2016 top picks for enterprise encryption tools

As the enterprise encryption tools market matures, buyers find many vendors to choose from, but few stand out from the crowd as encryption is absorbed into other security tools.

This article can also be found in the Premium Editorial Download: Information Security magazine: Enterprise mobile strategy: Step up security:

With RSA's departure from the encryption business last year, many companies have been left wondering where to buy enterprise encryption tools, and it shows in the lack of any clear leaders in the encryption tools market space.

TechTarget polled 1,435 IT and security professionals in North America about their plans to evaluate encryption tools for data protection, and two-thirds indicated that centralized policy management was critical to their encryption projects. Just over half said that application and database transparency, without the need to modify existing applications, was essential; almost the same number said that low latency was critical.

Other "critical" features cited by survey respondents for enterprise encryption tools included key management interoperability (42%), support for hardware-based cryptographic acceleration (32%), support for compliance regulations (26%) and monitoring capabilities for encryption status (25%).

Source: TechTarget, 2016; based off responses from 1,435 IT and business professionals. Respondents could choose all that apply.

"Data is exposed and leaking everywhere," said John Girard, vice president and distinguished analyst at Gartner. "To comprehensively avoid accidental and deliberate breaches, companies should cover many avenues of storage and transmission, including primary drives, removable media, cloud-based file sync and share, directed file transfers such as FTP, and data in motion over networks, typically via virtual private networks."

Yet, as enterprises continue to move more of their data to the cloud, the majority of respondents were still focused on their on-premises data protection. Only 32% said they were evaluating cloud-based or managed security service providers; 28% were seeking to protect data stored in a public cloud.

Source: TechTarget, 2016; based off responses from 1,435 IT and business professionals. Respondents could choose all that apply.

Readers, on average, reported that they planned to encrypt three different types of targets with their encryption efforts. Endpoint drives were most frequently cited, at 62%, but 61% also said they would encrypt servers and 59% said they would encrypt email. Enterprise databases and endpoint files were specified by 55% and 54%, respectively.

Source: TechTarget, 2016; based off responses from 1,435 IT and business professionals. Respondents could choose all that apply.

The top enterprise encryption vendors shortlisted by readers include Symantec, at 6%, followed by McAfee (Intel Security), at 5%, and Check Point Software Technologies, at 4%. Of the 14 encryption vendors selected by respondents -- five were chosen by fewer than 1% of readers and another 20% picked "other."

Symantec's encryption offering includes endpoint encryption and removable media encryption with centralized management, as well as email, file share and command-line tools. More importantly, Symantec's enterprise encryption products integrate with its data loss prevention (DLP) technologies.

McAfee's Complete Data Protection provides its own encryption tools and supports OS X and Windows OS-native encryption, system encryption drives, removable media, file shares and cloud data. It also integrates with McAfee's other enterprise security tools for centralized management of policies.

So where are all the enterprise encryption tools vendors?

"The markets for disk encryption and media encryption management products are mature," Girard said. Vendors in the endpoint protection and the mobile data protection markets offer data encryption for workstation devices (like desktops and laptops), but many are starting to provide protection controls for smaller devices. "There are also encryption products that originate in the DLP and EDRM [enterprise digital rights management] markets," he said. "Many encryption policies can be managed by enterprise mobility management tools as well."

Data-centric encryption

The traditional encryption tools market is giving way to a world where encryption is folded into other security products, according to Brett Hansen, executive director for data security solutions at Dell.

"Too many companies currently have to employ a piecemeal approach to their encryption and data security infrastructure, implementing completely different solutions for data leakage protection, data rights management and data in motion security," he said. "This places an incredible burden on IT departments -- especially among mid-market and smaller sized businesses -- and is leading to many companies having unknown security gaps in their data protection platforms."

Enterprise encryption tools now need to be integrated across boundaries: data at rest and data in motion; laptop, mobile and desktops; as well as on-premises and cloud deployments. And these protections should also leverage the encryption capabilities that ship with OS X and Windows.

"Modern encryption needs to reflect the needs of today's employees," Hansen said, meaning that data should be able to move "between devices, public clouds and different operating systems." A goal, he said, which can "only be achieved through the adoption of data-centric encryption tools."

"The widespread adoption of mobility solutions means that data no longer resides in a single place or on a single device," Hansen added. "[D]ata is moving across different public cloud platforms, onto USB sticks and across different OS environments on different devices, and employees now demand that data travel between these seamlessly while remaining encrypted. To achieve this, businesses need to adopt a truly heterogeneous encryption solution that protects critical data wherever it travels."

Gartner recommends a checklist for enterprise encryption tools that includes looking for products that provide similar -- if not identical -- encryption policies on all devices, so management can be consistent not just for Windows and OS X systems, but also for smaller mobile devices. It also suggests looking for products that offer a single console for viewing policies in place across multiple device populations and backup features so that when devices become unavailable it is possible to determine what data is lost -- and then recover that data.

Other features Girard said are worth seeking out include protection for data at rest and in motion, support for self-encrypting drives (SEDs) and support for selective encryption of removable media and individual files. "It is also wise to consider vendors who can manage basic native crypto -- BitLocker, FileVault 2 -- [so] these are stable as OSes are patched and upgraded."

Most of the vendors Gartner tracks implement their own copy of cryptographic cipher suites, such as the Advanced Encryption Standard, and then get their product certification through the National Institute of Standards and Technology (NIST). "There is a new trend to use the NIST-approved, FIPS-certified (Federal Information Processing Standards) crypto provided via OpenSSL," Girard said. "It's only certified to FIPS-140 Level 1, but for most products and many use cases, that is good enough."

Looking ahead, Gartner expects to see more management vendors offering support for native encryption, such as BitLocker and FileVault 2, as well as increasing use of SEDs, which don't sacrifice performance because they use their own built-in encryption processes -- and the market researcher expects to see SED technology migrating into increasingly small devices.

"The next big leap in, say, three years will be the return to using rights-managed encryption, which is asserted any time that users create or modify files. In other words, driving encryption to the bottom so that any file that moves intentionally or accidentally is automatically protected by policy," Girard said. "In the mobile world, there are too many ways to move files to be able to protect everything by conventional means of perimeter defenses."

About the author:  
Peter Loshin is a site editor for SearchSecurity. Previously, he was a technical editor for software reviews at BYTE magazine, as well as a TCP/IP network engineer at a research laboratory in Cambridge, Mass. He has written several books, including TCP/IP Clearly Explained and Simple Steps to Data Encryption: A Practical Guide to Secure Computing.

Next Steps

How homomorphic encryption can help enterprises encrypt data

Why DLP and encryption are complicated in the cloud

Can enterprises benefit from elliptic curve cryptography?

This was last published in June 2016

Dig Deeper on Disk and file encryption tools

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

7 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Would your enterprise consider standalone encryption tools?
Cancel
The IETF and others have published the opinion that data centric protection is the logical objective.  Encrypt everything, all the time, rather than have multiple decisions about what needs protection.
The optimum could be described as usage of self protecting data objects, that are data label aware with services based on that awareness.  Attribute based access control to all digital objects enforced by dynamic, not static key management, (rekeyable), enforced by cryptography.  This approach is codified in ANSI X9.69 and X9.73 as well as ISO.  All FIPS certified functions assures correct implementation of the cryptographic processes.
Cancel
Data object protection with dynamic key rather than static is required.
Cancel
@JayWalker47: can you elaborate on that?
Cancel
Some great points but some of this is all over the map, not differentiating between end-point encryption in the enterprise versus encryption in the server room and in the cloud. We start off talking about RSA who has exited, yes, but the aim of their product was essentially encryption of enterprise apps.

There are a good number of vendors doing enterprise encryption and at least two, Vormetric and SafeNet/Gemalto offering a platform solution. With Vormetric now accquired by Thales, it's hard not to see them as THE leader in server room enterprise encryption both on prem and in the cloud with an end-to-end, turn-key platform approach that answers pretty much every enterprise encryption use case there is. So I'm not at all sure how in the world the thought that RSA has left a void has taken place. (Vormetric, by the way, offers a near-drop-in replacement with like for like PKCS#11 functionality for this "RSA void." If you're an RSA DPM customer, you should get ahold of your local Vormetric sales rep ASAP.)
Cancel
Thanks for the comment, @ChrisEOlive, you make some good points. So glad to get feedback like this.
Cancel
I'm a little surprised by the companies cited in this article as most of the vendors here are endpoint encryption providers and are not players in on-premise/server and cloud encryption market like Gemalto (SafeNet) which is considered by many to be the leading enterprise encryption and key management provider.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close