Encryption: A nice idea that few want to implement?
Computerworld - Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2% of companies responding to our survey say their organizations have an enterprisewide encryption plan.
However, the study also reveals that encryption is viewed by many as an important security tool that enhances the IT professionals' overall sense of trust or comfort in data-protection efforts. The primary reasons cited for not encrypting sensitive or confidential information were concern about system performance (69%), complexity (44%) and cost (25%). (See "Securing Card Data Isn't An Easy Sell.")
Sponsored by PGP Corp., this independent study was conducted to learn what privacy and security professionals think about encryption and how adequate they believed their organization's security programs are to protect sensitive and confidential information.
Encryption is mostly used to protect sensitive or confidential electronic documents when sending them to another system or location (47%), according to our survey results. Only 31% of respondents encrypt data on a device such as a server or laptop, and 24% encrypt sensitive or confidential backup files or tapes before sending them to off-site storage locations.
Given the number of security breaches that are being reported, it seems that now might be a good time to look more closely at encryption. Just this week, for example, tapes containing data on 2 million ABN Amro customers went missing, although the tapes were later recovered (see Update: Missing ABN Amro tape with 2 million names found). And companies are starting to be held liable for not safeguarding data. The Federal Trade Commission recently charged shoe discounter DSW Inc. with failing to provide reasonable and appropriate security for sensitive customer information, because the company allegedly stored information in unencrypted files that could be accessed easily using a commonly known user ID and password. DSW recently settled with FTC over charges that its data-security failures constituted an unfair practice under federal law, allowing hackers to access credit card, debit card and checking account information of more than 1.4 million consumers.
Our Web-based survey used two proprietary data sets composed of privacy and information security professionals. Both require subjects to opt in prior to making contact. All data was captured through e-mail or letter invitation to a secure extranet Web site. The total sampling frame included 6,298 individuals. Of these, more than 91% were designated as information security specialists, and the remaining 9% were designated as information privacy specialists.
The total number of completed responses was 791, making a 13% response rate. 81% of the final sample is
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- API Playbook: Drive API Adoption Through Developer Engagement Learn the best practices of how to engage developers, whether your goal is to attract external developers to your public APIs or improve...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- API Management: The Key to Improving the Consumer Travel Experience Join PhoCusWright's Senior Technology Analyst, Norm Rose, as he shares his insights on how travel suppliers and intermediaries can improve industry data flow... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!