To start the discussion off, the group was asked an almost too simple question: Do you encrypt your data? Unsurprisingly, the answer was a ready and unanimous “yes.” However, there is an interesting division in where data is encrypted—while everyone agreed upon encrypting data in transit, only around half encrypted data at rest, and some only on certain systems. This may be a surprise, but you must consider the challenges associated with a heavy amount of encryption. Cost is a very significant factor, as programs and encryption services come at a steep price. Complexity should also be considered—many medical organizations have massive amounts of data which require an extremely detailed process to manage. Adding heavy encryption on top of that is not only all the more tedious and time consuming, but is also nearly impossible to accomplish at that scale.
Even varying types of devices on a network are a factor for many enterprises, as so many exist today—and they are all different models with varying operating systems, security features, and so on. These issues and more all add to the difficulty of deciding how, where, and when to encrypt sensitive data in one’s system. So with all that in mind, what do we expect out of the future of encryption? As encryption evolves and becomes a vital, necessary asset to companies, some believed that policy-based encryption will come into play, and that encrypting data and generating access keys will become an internal process rather than something accomplished through external vendors. Enterprises want to keep their adversaries at bay, but information can no longer be locked behind a heavy physical door—so we must find ways to triumph on a technological playing field.