Use of encryption to protect business data continues to increase, but managing the technology involved continues to be a headache.
Just over a third (36 percent) of organisations said they now have an enterprise-wide encryption strategy in place, a number that has been steadily rising from the 15 percent reported a decade ago, according to a survey.
The figure hides some significant international variations: 59 percent of German companies claimed to have an encryption policy which is applied consistently across the organization, compared to 43 percent in the US, 35 percent in the UK, and a mere 25 percent in Mexico.
By industry, financial services, healthcare, and pharmaceuticals are among the biggest users of encryption.
Encryption is an increasingly hot topic. Following the revelations about mass surveillance by the NSA and GCHQ, a number of companies including Apple and WhatsApp have increased their use of encryption technology to protect customer data, while businesses have also been beefing up the protection of their own corporate data to protect against digital corporate espionage and the risk of inadvertent data leaks. However, law enforcement agencies and security services are also increasingly concerned that the widespread use of data-scrambling technologies will make it harder for them to pursue criminals and terrorists.
According to the survey, commissioned by Thales e-Security, while the most common reason for using encryption chosen by respondents was "to comply with external privacy or data security regulations and requirements", four out of ten also said they had implemented encryption "to protect information against specific, identified threats".
Employee and HR data was the most likely to be encrypted, according to the respondents, followed by financial records and intellectual property - but only a third of respondents said that customer information was encrypted.
Finding where the sensitive data actually lives within the organisation was considered to be the biggest problem with introducing encryption, followed by the initial rollout - and working out which types of data were worth protecting in this way.
However, encryption remains a famously complicated business, especially storing and managing those encryption keys and digital certificates. The survey described this task as a "very challenging activity" thanks to isolated and fragmented systems and a lack of skills.
According to the research, around 15 percent of the average IT security budget is spent on encryption.