How to Make a Business Case for Encryption

Encryption Features    | May 3, 2019

Digital communication is a competitive advantage over snail mail because it’s faster and cheaper. But cost savings can disappear the instant an organization experiences a breach, which is all too common.

In 2018, 4.8 billion records were stolen during breaches—that’s more than 9,000 per minute—and less than three per cent of those records were encrypted.

Today, we’ll do a quick review of two reasons email encryption is business-critical and what to look for in an encryption provider if your organization would like to minimize risks and costs associated with keeping email secure.

The high cost of losing trust

If your organization collects, manages and disperses personal information, it’s essential to deploy user-friendly encryption to secure that data as it flows through email. Of course, it’s the right thing to do, but it’s also what customers want and expect. For example, 87 per cent of CEOs invest in cybersecurity specifically to build customer trust—because once you lose trust, you lose the customer. When customer trust and satisfaction is tied into data security, it’s easy to see how email encryption no longer fits into the nice-to-have category. It’s now essential.

Compliance & avoiding fines

Implementing an encryption solution also helps you keep government hands—mandated by legislation—out of your pockets.

If your organization doesn’t protect data from being intercepted on route, the fines can be substantial. Just one year in after launch of the General Data Protection Regulation (GDPR) in the EU, for example, and we are already seeing massive fines – like the €50M fine Google was ordered to pay at the beginning of 2018 for GDPR violations.

In Canada, under the Personal Information Protection and Electronic Documents Act (PIPEDA), it’s mandatory to report data breaches, with non-compliance fines going as high as $100,000.

With privacy legislation expanding—California, New York and even Qatar, among many others, have created their own guidelines—organizations can no longer afford to ignore email encryption for private data. Privacy legislation now has teeth and the fines are steep.

There’s no question that taking care of your business means encryption. The next thing to do is work with an encryption provider who understands your needs and addresses them effectively.

Finding an encryption provider that works for you

Global information security spending, as a whole, is set to exceed $124B in 2019, according to a recent Gartner report —which means your organization has a lot of choice when it comes to encryption solutions. This choice is good but can also lead to overwhelm and poor decisions. For example, if an organization has an encryption solution in place, but it’s not widely used, it can mean they didn’t choose an encryption provider that could meet their needs and guide them through the process. We don’t want that to happen to you, so we put together a list of things to look for in an email encryption provider.

Seven things to look for in an enterprise-level encryption provider:

1. 1. Proven track record – Ask how long the provider has been working in encryption. At Echoworx, for example, we understand the risks of email management because we’ve been providing encryption solutions for over two decades.
   2. Solutions that go beyond out-of-the-box encryption – While out-of-the-box encryption is much better than zero encryption, look for a provider that can counsel you on solutions based on your needs. Many enterprise-level organizations require flexible delivery and policy-based encryption options—which go beyond the box.
   3. Cloud solutions that reduce overhead – Sending encrypted messages simply costs more when you run a legacy on-premise encryption solution. Costs include hardware and physical on-premise servers and staff to run them. Look for a third-party encryption provider that allows you to upload your secure communications to the cloud, offload support queries, gain access to encryption experts, save money and put less burden on your IT resources.
   4. Data centres around the world – Worldwide data centres allow users to deploy communications within their jurisdictions and within regulatory compliance. For example, at Echoworx, we have data centres in six countries: Germany, Ireland, the United Kingdom, Canada, Mexico and the United States. This helps cut costs, maintain compliance and cuts down on deployment time.
   5. Reputation management – Every time a piece of sensitive information leaves an organization’s digital perimeter, it puts a company’s reputation at-risk. An encryption provider should understand this risk and offer solutions like full brand alignment in multiple languages to support a seamless end-user experience.
   6. Systems that support dynamic scaling – Can your provider’s encryption solution scale dynamically as email demand on the system fluctuates from day to day or even hour to hour—and accommodate increased demand without delay? Is your system available in AWS Cloud in 13 countries?
   7. Vetted partners for peace of mind – Do you trust your provider to handle your data securely and responsibly? At Echoworx, we subject our business to regular audits. We are proud to be: SOC2, PCI DSS and OpenID Connect RP Certified, as well as WebTrust compliant.

One last thing to look for in an encryption provider: a track record of positive return on investment (ROI).

A Forrester Total Economic Impact™ study revealed that a typical enterprise-level organization using Echoworx’s encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits. This same study showed that using Echoworx’s self-service support options—like automatic password resets—increases call centre productivity, removes the need for additional overhead and can save enterprise-level organizations almost $320K over three years.

Get the full Forrester Total Economic Impact™ study of Echoworx now.

As you can see, the cost of unencrypted email communications is high and the risk too great. Isn’t it time you found a trusted encryption provider that can meet the needs of your business and customers?