Encryption: A nice idea that few want to implement?
Computerworld - Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2% of companies responding to our survey say their organizations have an enterprisewide encryption plan.
However, the study also reveals that encryption is viewed by many as an important security tool that enhances the IT professionals' overall sense of trust or comfort in data-protection efforts. The primary reasons cited for not encrypting sensitive or confidential information were concern about system performance (69%), complexity (44%) and cost (25%). (See "Securing Card Data Isn't An Easy Sell.")
Sponsored by PGP Corp., this independent study was conducted to learn what privacy and security professionals think about encryption and how adequate they believed their organization's security programs are to protect sensitive and confidential information.
Encryption is mostly used to protect sensitive or confidential electronic documents when sending them to another system or location (47%), according to our survey results. Only 31% of respondents encrypt data on a device such as a server or laptop, and 24% encrypt sensitive or confidential backup files or tapes before sending them to off-site storage locations.
Given the number of security breaches that are being reported, it seems that now might be a good time to look more closely at encryption. Just this week, for example, tapes containing data on 2 million ABN Amro customers went missing, although the tapes were later recovered (see Update: Missing ABN Amro tape with 2 million names found). And companies are starting to be held liable for not safeguarding data. The Federal Trade Commission recently charged shoe discounter DSW Inc. with failing to provide reasonable and appropriate security for sensitive customer information, because the company allegedly stored information in unencrypted files that could be accessed easily using a commonly known user ID and password. DSW recently settled with FTC over charges that its data-security failures constituted an unfair practice under federal law, allowing hackers to access credit card, debit card and checking account information of more than 1.4 million consumers.
Our Web-based survey used two proprietary data sets composed of privacy and information security professionals. Both require subjects to opt in prior to making contact. All data was captured through e-mail or letter invitation to a secure extranet Web site. The total sampling frame included 6,298 individuals. Of these, more than 91% were designated as information security specialists, and the remaining 9% were designated as information privacy specialists.
The total number of completed responses was 791, making a 13% response rate. 81% of the final sample is
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Architecting the Network of the Future Networks need to change, as does the way IT thinks about and manages them. In addition to reliability, IT must now add higher...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them. All Privacy White Papers | Webcasts