Corporate Usage Policy – End User initiated encryption and e-discovery

So, if you work for a publically traded company, health care organization, financial services company or government  you may have had to deal with some type of encryption strategy for your mobile devices or removable devices.  There are plenty of enterprise encryption products on the market that can assist with this basic security need. Image

Also, more than likely you’ve also had to deal with some type of e-discovery.  When your corporation controls the keys then it’s not too much of a big deal.  You can comply with court mandated discovery requests since you have the keys (at least you should).  But what happens when an employee encrypts the data themselves using pretty powerful technology such as trucrypt?

What happens if your organization is sued and your employee or ex-employee refuses to give up the key? Worst yet what happens if you sue the ex-employee?  Does your organization have a policy when it comes to data encryption and key rights?  Also, what technical solutions can you put in place to ensure data is not encrypted via unsupported methods in your environment.

Published by Keith Townsend

Now I'm @CTOAdvisor

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: