So, if you work for a publically traded company, health care organization, financial services company or government you may have had to deal with some type of encryption strategy for your mobile devices or removable devices. There are plenty of enterprise encryption products on the market that can assist with this basic security need.
Also, more than likely you’ve also had to deal with some type of e-discovery. When your corporation controls the keys then it’s not too much of a big deal. You can comply with court mandated discovery requests since you have the keys (at least you should). But what happens when an employee encrypts the data themselves using pretty powerful technology such as trucrypt?
What happens if your organization is sued and your employee or ex-employee refuses to give up the key? Worst yet what happens if you sue the ex-employee? Does your organization have a policy when it comes to data encryption and key rights? Also, what technical solutions can you put in place to ensure data is not encrypted via unsupported methods in your environment.