I just finished reading an article from a magazine that the big boys read. It had the results of their survey on the adoption of encryption. Bad news. Users want quick access to their data. So any encryption strategies rolled out to the enterprise get done one piece at a time. Well that might be good news if you are trying to break in.One related technology that seems to have taken hold is tokenization. A user has a credit card number that needs to be protected. So a system will instead use a token for the duration of the session. The token is a 64-bit number that is used in lieu of the credit card number.
So what are some other factors inhibiting the adoption of encryption? There is no clear standard for systems to work with each other. The Oasis group is working on KMIP (Key Management Interoperability Protocol). And the IEE is pitching P1619. The authors of the article I read were hopefully that Microsoft would lead the way with their Active Directory. Good luck with that.
