Data breaches drive growth in use of encryption, global study finds

[Audrey McNeil <audrey () riskbasedsecurity com>]

d
http://news.techworld.com/security/3501515/data-breaches-drive-growth-in-use-of-encryption-global-study-finds/

Data breaches have for the first time become the main reason enterrises
implement encryption technology, according to a study of global encryption
trends by The Ponemon Institute on behalf of security firm Thales
e-Security.

The firm found that 46 percent of the 4,800 enterprises and IT managers
questioned from around the world said that the main reason they invested in
encryption was that it could lessen the impact of breaches. This beat a
desire to protect brand reputation on 44 percent and the 40 percent
mentioning compliance as the motivation.

It's perhaps obvious that encryption makes stolen data less useful to
criminals but the growing importance placed on protecting data rather than
devices shows how the technology has risen from being precautionary measure
to that of a frontline defence.

Storing data without encryption, especially customer data, is increasingly
unthinkable with the US the most emphatic on this for 59 percent of those
questioned. Curiously, some countries fall short of this enthusiasm with
France in last place on 35 percent.

The reason is mainly local legislation and compliance regimes, with 61
percent of the US sample reporting that unencrypted customer data would
require breach notification as against 33 percent believing notification
would be necessary if it was.

On the face of it this is a bit surprising; many US organisations appear to
believe that breach notification would not be required simply because the
data had been encrypted. It is not clear that this is true although the
same divide appears in all countries looked at.

The study also uncovered the usual problems with deploying encryption as
well as identifying precisely where the sensitive data resides for it to be
applied.

The figures also show that encryption use has doubled since the report was
first compiled in 2005, and was now present in 30 percent of organisations.
Not surprisingly, financial services leads the way with 43 percent making
use of it.

Arguably, encryption use should be much higher. A major barrier remains the
complexity of key management. This can also be hugely expensive, or at
least firms believe it will be.

"Encryption usage continues to be a clear indicator of a strong security
posture but there appears to be emerging evidence that concerns over key
management are becoming a barrier to its more widespread adoption," said
 Ponemon Institute founder, Dr Larry Ponemon,

"For the first time in this study we drilled down into the issue of key
management and found it emerging as a huge operational challenge. But
questions are and should be asked about the broader topics of policy issues
and choice of encryption algorithms - especially in the light of recent
concerns over back doors, poorly implemented crypto systems and weak key
management systems."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!