Like it or not, encryption will become part of most data at rest.

Companies of all sizes are exploring encryption because of a real threat of losing data or having it stolen, and because of government regulations such as the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act and HIPAA, which require protection of Social Security numbers, credit card data and other sensitive information. While encryption isn't required, it can provide an easy, blanket solution.

"First, we had the market leaders. Now, we're getting the midsize companies realizing that personal confidential information regulation is there to stay," says Eric Ouellet, a privacy and security analyst at Gartner Inc. Ouellet says he saw a tenfold increase in customer calls about encryption technology beginning in January 2005.

Security threats aren't confined to the backup tapes stored at off-site facilities anymore, though last year's highly publicized losses of tapes belonging to Bank of America Corp., Time Warner Inc. and Citigroup Inc. put a spotlight on the need for encryption. Laptops and databases need encryption too.

Still, organizations are reluctant to use encryption. In the Ponemon Institute's 2005 National Encryption Survey, only 4.2 percent of the nearly 800 companies polled said they have enterprisewide encryption plans. The primary reasons cited for not encrypting sensitive or confidential information were concerns about system performance (69 percent), complexity (44 percent) and cost (25 percent).