Four Principles of Usable Encryption
Data is the lifeblood of modern business and yet few organizations effectively utilize encryption—a proven safeguard—to protect it. Only 43% of organizations have an encryption solution applied consistently across their enterprise. Why do so few organizations use it? Usability, or lack thereof, of legacy solutions is a critical issue. At Virtru, we believe organizations shouldn’t have to choose between protecting data and sharing it, which is why we’ve made it easy for you to do both.
Usability is particularly important now that the number of data regulations, data leaks, and hacks is on the rise. Usability is foundational to user adoption. If adoption slips, the strength of your data security program is weakened and possibly undermined.
What’s more, for enterprises operating in highly regulated industries—such as healthcare, education, or manufacturing—the growth in the sheer amount of data created, stored and shared is both a blessing and a curse, and it shows no signs of slowing down. In fact, IDC predicts that by 2025, the collective sum of the world’s data will grow to 175 zettabytes.
As the volume of data increases, so does the associated risk. Therefore, the challenge for modern organizations with access to sensitive data is how to manage the risk. The key to managing this risk is usable and intuitive data protection that does not interfere with business workflows, helps increase productivity and collaboration, and provides greater visibility and scalability across the organization.
The Problem: A Legacy Approach
Encryption has been around for decades but has yet to garner widespread adoption. Usability issues surrounding key management and poor workflows have forced many organizations either to forgo encryption for data protection or to use an all-in-one portal system to manage sharing data. While these systems may check off the box for compliance, user-friendliness and interface design are not their strengths. Plus, the burden is passed to the client, who has to remember yet another set of credentials in order to access their information.
The usability limitations have also left encryption as relatively niche until recently. Many enterprises remain vulnerable because they rely on many apps to share data but have no means to protect it; Slack, for example, provides messaging without end-to-end encryption. These apps address the business need to share data, but the lack of encryption in many of them opens up additional vulnerabilities. Because of this, many organizations are customizing in-house apps to add a protective layer onto these platforms. These applications serve an important role in modern workplaces but, to address mounting concerns around data breaches and privacy, any app you use must incorporate strong data controls. This is where usability is mission-critical.
The Solution: Usable Encryption
Rather than leaving data security and privacy as a question mark, Virtru provides easy-to-use client-side encryption for protection that travels with the data, enabling persistent enforcement and access control across all environments and applications.
The need for data-centric protection is especially important as more and more organizations utilize apps to enhance engagement, both internally and with customers. Given the reliance on these apps, organizations need an easier way to keep track of where data goes, who accesses it, and how to maintain a level of protection, all while providing evidence of security safeguards to meet regulatory compliance needs. But data protection must fit within an organization’s workflow, or else employees will find means to circumvent it. Our data-centric approach to encryption is based on four principles:
- Persistent: Protect the data wherever it goes.
- Share with Anyone: No prior trust relationship is required. No manual key exchange.
- Positive Control: Control who can access data, from where, and for how long.
- Visibility and Audit: Track and audit where data is shared and accessed.
Virtru’s policy-driven governance allows data owners—from organization administrators to individual employees—to revoke or expire access to data, even after it has left your organization’s boundaries. What’s more, you can also see where your data has traveled and who has accessed it, so that in the event of a compliance audit, you’re covered. Having this level of visibility into who has accessed or forwarded emails—with SIEM integrations for improved threat remediation—gives data owners granular insight and control over their data. This is increasingly relevant as non-compliance fines are on the rise and big-name breaches such as the US Customs and Border Protection contractor, American Medical Collection Agency (AMCA) and Marriott continue to make headlines.
You Don’t Have to Choose Between Security and Ease-of-Use
For enterprise security, the encryption solution an organization chooses to deploy is foundational to a comprehensive security program. User awareness and adoption are core aspects of a successful security program, and when it comes to encryption, this is especially true. Why? Because employees still need to be productive and get their work done. If encryption doesn’t integrate with everyday business tools and workflows, employees will find workarounds that inhibit widespread adoption and weaken security.
End-users must have a seamless experience. With traditional portal-based encryption solutions and those that require complex key management arrangements, recipients must create and manage new account usernames and passwords to access encrypted email, a time-consuming and error-prone process.
A seamless user experience (UX) is a must-have for enterprise encryption. Legacy solutions often compromise on this for the sake of security. Not only is that not necessary, but that compromise undermines the security of any encryption solution.
Encryption tools should work within existing application workflows and leverage existing credentials for authentication in order to make collaboration truly user-friendly. Virtru overcomes poor usability of legacy and portal-based approaches with significant ease-of-use and robust data protection, ultimately delivering peace of mind to security leaders.
Virtru avoids introducing new workflows or applications by allowing authorized parties to receive and decrypt protected content without installing new software. Recipients simply authenticate themselves using their existing email credentials. The result: an extremely user-friendly experience that delivers control and data protection that stays with the data across environments, devices, and applications.