Survey: Encryption challenges remain
By Miya Knights,
More than a third of organisations still do not know if they will encrypt their backup tapes and half do not know where they would store their tape backup encryption keys.
Those are the two most glaring findings of the new 2008 Encryption and Key Management Benchmark Survey conducted published today by Thales.
Among just over 300 European and US organisations that responded to the survey, conducted by research firm Trust Catalyst, web server and SSL encryption top the list of target areas with 94 per cent being encrypted, closely followed by desktop file and email encryption, and full disk encryption.
“It is encouraging to see that more organisations are proactively securing sensitive data but the survey suggests there is still room for improvement,” said Bryta Schulz, vice president product marketing at Thales Information Systems Security.
But tape backup encryption only featured eleventh in the list, below USB and mobile device encryption, potentially leaving a major hole in enterprise data protection strategies according to the survey.
Schulz said the survey suggested most organisations still appear to be securing sensitive data in an unplanned and unstructured way leaving both the organisation and data at risk.
“In particular, it is surprising to see that the use of tape backup security is so low in the list of priorities given the risks associated with lost tape and data recovery and we believe this shows organisations are struggling with key management issues for data storage applications.”
When asked where encryption keys would be stored, more than 40 per cent of respondents said they “don't know” for seven out of 13 encryption applications. And, where they did know, the most popular answer was in software on disk, when best practice for securing encryption keys is in a hardware security module.
And highlighting concerns about backing up and revoking or terminating keys to prevent unauthorised data access, 69 per cent of respondents said they would chose to use automated and centralised key management systems as opposed to manual processes.
“It is concerning to see that the high level of encryption planned does not correspond with an understanding of the risks associated with the storage and retrieval of encryption,” added Schulz.
Related Tags
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: 
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?