There are lots of good reasons for IT leaders to pay attention to even the finest details of encryption policies. One of the more practical is that encryption's a board-level concept. As in, the board of directors will feel no hesitation in second guessing decisions not to encrypt data that ends up exposed.Which makes the findings in this week's cover story on encryption all the more surprising.Based on exclusive InformationWeek Analytics research, it finds nearly all companies use some encryption, but only 14% says it's pervasive at their companies. A fourth have database table-level encryption. And about 3 out of 5 companies don't encrypt mobile devices, despite their habit of disappearing loaded with confidential data.

Regulatory compliance seems to be driving what encryption momentum there is, laments InformationWeek contributor Michael A. Davis, in the article. Writes Davis:

Encrypting a subset of data amounts to a "get-out-of-jail-free card" because it may relieve companies from having to notify customers of a breach. But knowingly doing the bare minimum to check a compliance box isn't security; it's a cop-out.

Davis knows there are real obstacles to broader encryption use, and he explores areas such as the difficulty of key management. He examines the viability of tokenization, one of the more promising emerging data security tools. Beyond the cover story, we have a 38-page research report with additional analysis and more research on encryption issues, at informationweek.com/analytics/token.

Feel free to forward a copy to your board of directors, as well.

Download a PDF of the full issue of InformationWeek here.