Data Encryption debate rages

Recent reports of high profile embarrassing data breaches, coupled with stringent data privacy regulations such as the Health Insurance Portability and Accountability Act and Sarbanes-Oxley Act, are softening long-standing reluctance by the private sector to adopt encryption technology, industry executives say.

But experts advise organizations to plan carefully before introducing encryption and warn that the technology may not even be the best way to prevent data theft. Incidents such as last week's disclosure of the theft of sensitive data on 16,500 current and former MCI Inc. employees typifies the forces driving enterprise interest in data encryption and protection tools, experts say. The data was on a laptop stolen in April from a car belonging to an MCI analyst.

But companies can't clamp encryption on top of production networks, databases and file systems without breaking business apps and slowing network traffic to a crawl, said David Friedlander, an analyst with Forrester Research Inc., in Cambridge, Mass. The trick is to apply encryption strategically and in a way that doesn't require changes to applications, employees or business partners who use the information, said Ted Julian, vice president of marketing at Application Security Inc., of New York.