In a quick follow-up to my last post, someone asked me if encryption protects information, against hackers and identity thieves as well as careless or dishonest insiders, then why is it not used all the time? Wouldn’t it make data theft a much less serious security threat?

The fundamental answer is yes – the more data is encrypted the less likely it is to be exploited. But the real answer is a little more complicated. The challenge with encrypting everything is not so much a cost issue but a technical one. Good encryption impacts the speed and ease with which data can be accessed and this can create problems in an instant, on-demand world.

And encryption uses keys or codes to lock and unlock the data. These electronic keys, which are essentially huge numbers, have to be managed and protected because if they’re compromised the encryption can be useless.

That’s why, as usual, we need a multi-faceted approach. More investment in encryption technologies, more laws to require the use of encryption wherever possible, more consequences for organizations that don’t protect their data, and ultimately, better protection for the consumers caught in the middle.

Remember - when data is stolen from a company database it’s not usually the company’s secrets that are compromised. More often it’s customer information that the thieves are after. The company that loses the data is usually more concerned with the bad publicity than with the emotional and financial impact on consumers.