“While many organizations understand the importance of encrypting their data, issues with key management and multiple point products can give them inconsistent visibility into what has been protected,” said Joe Gow, director, product management, at Symantec. “As the Enterprise Encryption Trends survey demonstrates, encryption needs to evolve from a fragmented protection historically implemented at the line of business level to a capability that is managed as a core component of organizations’ IT security operations.”
Encryption use is growing rapidly but fragmented. Forty-eight percent of enterprises increased their use of encryption over the past two years. The respondents state that almost half of their data is now encrypted at some point in its lifecycle. The typical organization reports they have five different encryption solutions deployed. Use of encryption in rogue projects. According to the survey, one-third of respondents said unapproved encryption deployment is happening on a somewhat to extremely frequent basis. Because these projects are not necessarily following the company’s best practices, 52 percent of organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). In addition, 26 percent have had former employees who have refused to return keys. Organizations express concerns about key management. Organizations are not very confident in their ability to effectively manage encryption keys. Forty percent are less than somewhat confident they can retrieve keys. Thirty-nine percent are less than somewhat confident they can protect access to business information from disgruntled employees. Encryption point product issues costing enterprises. All of the organizations reporting encryption key issues incurred some sort of related costs. The most common costs include inability to meet compliance requests (48 percent), inability to respond to eDiscovery requests (42 percent), and inability to access important business information (41 percent). In addition, the average loss from encryption-related issues is $124,965 per year.
Symantec recommends the following for organizations to build a plan that avoids some of the pitfalls seen by the survey respondents.
Understand the lifecycle for encryption processes and anticipate challenges involved with protecting data in an increased number of places. Plan a data recovery process that meets your organization’s needs and accounts for the ability to sever access to data in cases of disgruntled employees and former employees. Build a plan for consistent enterprise-wide encryption and key management prior to deploying encryption. Encrypt assets, starting with email, laptops and mobile devices, before experiencing a data breach. Anticipate the effects of mobility and cloud computing and the need to encrypt data stored outside of the enterprise, including file shares and cloud storage.
Symantec’s Enterprise Encryption Trends Survey
Symantec’s Enterprise Encryption Trends Survey is the result of research conducted in September 2011 by Applied Research, which surveyed C-level, tactical management, and strategic management. The report was designed to examine encryption use within enterprise organizations. The survey included 1,575 organizations from 37 countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific, and Latin America.
2011Enterprise Encryption Trends Survey (PDF) Infographic: Can IT Keep Up With Encryption Explosion? (PDF) SlideShare: 2011 Enterprise Encryption Trends Survey
Connect with Symantec
Follow Symantec on Twitter Join Symantec on Facebook Subscribe to Symantec News RSS Feed View Symantec’s SlideShare Channel View Symantec Connect Business Community
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.