Last year's data breach incidents were all different, ranging from sophisticated wireless attacks on TMaxx to sheer incompetence at HM Revenue & Customs.
The only answer is to encrypt everything, according to the panel.
"In theory for data protection you should do a data audit and classification to decide what to encrypt, but in practice this doesn't work. It is just too hard," said Etienne Greeff, services director at network security integrator MIS CDS.
"You need total encryption that covers all areas. It needs a complete rollout so that you do not have to rely on correct user actions. You cannot do it with half measures."
Greeff pointed out that this would also make the management of networks much simpler.
The coming economic slowdown means that IT departments will have fewer staff to manage networks, and automation of some functions, such as encryption, is a logical step.
"The problem is that most IT managers do not have a clear idea of how many mobile devices there are in a company or what is on them," said Thomas Raschke, senior analyst at Forrester.
"This should force us to put our own houses in order and encrypt our systems, as well as getting proper policies in place."
Raschke explained that the alternative is to get a lot smarter about the information that companies are protecting.
The analyst offered the analogy of a house fire during which it is clearly better to rescue "priority items like people rather than everything including the kitchen sink".
However, this may be problematic. With 80 percent of corporate data loss coming from within the firewall (i.e. from employees) encrypting everything is a good solution.
Experts encourage total encryption
By Iain Thomson on Apr 16, 2008 2:28PM