Encryption in the Hands of End Users

  • Eric Goldman

1 May 2016   ::   Security   ::   #encryption #human factors #zip #siem #journal article



Goldman, E. H. (2016). Encryption in the Hands of End Users. ISACA Journal, 3, 23-38.

DOI/FullText at: http://www.isaca.org/Journal/archives/2016/volume-3/Pages/encryption-in-the-hands-of-end-users.aspx


Organizations are increasingly investing in encryption capabilities. One form of encryption that is seeing increased deployment is end-user managed encryption; however, such deployments present many challenges for the enterprise. Such tools typically lack centralized management and control capabilities, either forcing or allowing users to make security decisions on their own. This makes monitoring and enforcement of proper usage difficult and leaves doubts over whether users are using encryption properly, if at all. In addition, monitoring and data loss prevention tools are often rendered mute because most solutions lack escrow and security infrastructure integration. In this article we will discuss some of the challenges and risks in deploying end-user managed encryption and will also evaluate alternative centralized solutions and their benefits.