Large organizations really started encrypting data in earnest over the last 5-7 years. Risk/compliance officers, security professionals and functional IT staff implemented encryption technologies on an ad-hoc basis. No standards, no centralized command-and-control, no consistent monitoring and auditing — nada. Encrypted data is confidential but could be easily decrypted if there is one encryption key that everyone knows. In lieu of this, the data is not nearly as secure as they think it is.”]
Source: https://www.csoonline.com/article/2221916/it-s-time-for-an-enterprise-encryption-strategy.html