At American National Insurance Company, IT leaders said that the financial services company had been considering broader use of encryption for several years before the combination of more streamlined technologies and increasing pressure in the form of compliance regulations encouraged the firm to dive in.
Today, the company is using PGP tools to both obscure sensitive e-mails and provide whole disk encryption to protect data stored on its desktop and laptop computers.
"We'd been looking at encryption closely since at least 2005, driven largely by the laws and compliance regulations that were being passed; we needed better e-mail security because we realized after sampling that we had a problem, and knew that we wanted to better protect sensitive information on our computers," said Ken Juneau assistant vice president of Information Technology Services at ANICO.
"The e-mail product simply sits in the mail flow, and any outbound messages that need to be get encrypted," he said. "Key management was simply the biggest differentiator. The system has almost no overhead in terms of administration; if a key needs to be created, the system handles it, and most end-users never know that the e-mail is being encrypted, which is ideal."
With the PGP whole-disk encryption system ANICO is using, Juneau said that key management and the ability to automatically create end-user credential recovery tokens have also proven as easy to use as the insurance company had hoped.
Inside smaller organizations, the need for encryption platforms that allow for simplified installation and management has been even more acute, as the realities of smaller IT staffs make it even harder to deal with any widespread usability issues, experts said.
Jason Parks, information systems analyst for Northern California's Butte County Department of Information Systems, said that deploying encryption several years ago was not an option for the government body before it found tools made by vendor Voltage Security that adequately address those issues.
"The tools have gotten a lot better, which allowed us to move forward with our plans," Parks said.
"We didn't want to do a bunch of certificate management, and we wanted an easy end-user experience as well. Using the system we have in place, we don't have to give a lot of complex instructions to the users," he said. "We have a limited amount of full-time IT staff in the county, so we couldn't do this until we found something that addressed all the traditional issues with encryption management."
Over the course of the two years that Butte County has been working with Voltage's e-mail encryption platform, the IT specialist said that the product has become even more refined and less intrusive to end-users.
"It's great to see that the encryption vendors are making progress," said Parks. "Encryption is something that a lot of smaller organizations like us need that was not a realistic proposition in the not-too-distant past."
Even the vendors themselves admit that encryption tools have changed dramatically in the last several years, allowing end-users to benefit from the protection that the technology can provide without creating massive headaches related to installation and maintenance.