5. OS-based encryption protection is sufficient for enterprises. Encryption capabilities available through operating systems do offer some degree of protection against breaches, read the report, but these solutions lack the manageability and the cross-platform support that characterize serious enterprise solutions. "For complying with regulatory mandates, data security solutions that let administrators centrally manage the key operations, determine the data content to encrypt, and ensure that corporate policies and practices are being followed, offer a more effective approach," the report read. "When a centralized management approach is applied, the level of data security rises, since the likelihood of sensitive files remaining encrypted diminishes."

[See also: Data exchange key to drawing stimulus funds.]

6. There is no compelling reason to encrypt data. According to the report, protection of assets, which is the primary reason for encrypting data, encompasses two major concerns that are fundamental to organizations of any size and include meeting the local, state, and federal regulations, as well as preventing unauthorized individuals from gaining access to PHI. "When implemented properly, encryption of sensitive data can satisfy the requirements of most laws and mandates," the report read. "Data encryption backed by a solution that ensures organization-wide compliance serves these goals very effectively."

7. IT departments have no practical way to protect mobile devices. With the rising popularity of mobile devices comes a new imperative for data protection, according to the report. "Incorporating mobile devices, as well as equipment that runs diverse operating systems, can be an IT nightmare, unless a solution accommodates all types of computing devices in a uniform, consistent, manageable way," it read. Since employees use mobile devices running on different platforms, it's important for devices to be integrated into the infrastructure and data security strategy. "A mechanism for protecting mobile devices should be an integral part of any serious data security solution," it added. "Modern solutions allow you to monitor the data security status of all devices used by a user, irrespective of the form factor or operating system used, within a single administration console."