Darren Shimkus, senior vice president of security vendor Credant said that it's surprising that even companies the size of BP don't encrypt their laptops as a matter of course these days. "It simply is not happening in the manner you would expect," he said.
That lack of adoption is a problem not just in the private sector, but also within the federal government.
In 2006, when an employee at the U.S. Department of Veterans Affairs lost a laptop and several storage disks containing personal data on over 26 million veterans, the Office of Management (OMB) issued a memorandum requiring all agencies to encrypt sensitive data (PDF document) on portable devices.
Close to five years later, several federal agencies are not even close to compliance, according to an OMB report to Congress released earlier this month.
While several agencies have reported 100% compliance, and many others are well on their way to achieving full compliance, the government-wide average is still just more than 54%.
Numerous products are currently available that allow companies to encrypt data at both the disk level and at the file level, fairly easily and cost-effectively. Yet many appear to be holding back because of outdated perceptions relating to the deployment and management costs associated with encryption, Shimkus said.
Concerns about key management for instance, continue to be a big issue for companies even though considerable progress in this area has been made by some vendors over the past several years, he said.
Sign up for Computerworld eNewsletters.