Survey: Encryption challenges remain
By Miya Knights,
More than a third of organisations still do not know if they will encrypt their backup tapes and half do not know where they would store their tape backup encryption keys.
Those are the two most glaring findings of the new 2008 Encryption and Key Management Benchmark Survey conducted published today by Thales.
Among just over 300 European and US organisations that responded to the survey, conducted by research firm Trust Catalyst, web server and SSL encryption top the list of target areas with 94 per cent being encrypted, closely followed by desktop file and email encryption, and full disk encryption.
“It is encouraging to see that more organisations are proactively securing sensitive data but the survey suggests there is still room for improvement,” said Bryta Schulz, vice president product marketing at Thales Information Systems Security.
But tape backup encryption only featured eleventh in the list, below USB and mobile device encryption, potentially leaving a major hole in enterprise data protection strategies according to the survey.
Schulz said the survey suggested most organisations still appear to be securing sensitive data in an unplanned and unstructured way leaving both the organisation and data at risk.
“In particular, it is surprising to see that the use of tape backup security is so low in the list of priorities given the risks associated with lost tape and data recovery and we believe this shows organisations are struggling with key management issues for data storage applications.”
When asked where encryption keys would be stored, more than 40 per cent of respondents said they “don't know” for seven out of 13 encryption applications. And, where they did know, the most popular answer was in software on disk, when best practice for securing encryption keys is in a hardware security module.
And highlighting concerns about backing up and revoking or terminating keys to prevent unauthorised data access, 69 per cent of respondents said they would chose to use automated and centralised key management systems as opposed to manual processes.
“It is concerning to see that the high level of encryption planned does not correspond with an understanding of the risks associated with the storage and retrieval of encryption,” added Schulz.
You may also like...
advertisement
Latest Security Features
Q&A: The ID card commissioner talks cards and controversy
We spoke to ID card commissioner Sir John Pilling about his thoughts on the identity scheme and why we might all think he's a bit of prat down the line.
- So you've been hacked, now what?
- The problems facing Internet Explorer
- Year in Review: 2009 in your words
- Top 10 security predictions for 2010
- Year in Review: Top tech stories of 2009
- The worst IT disasters of 2009
- Five free security software suites
- How to stay safe shopping online
- Is it time to switch to IPv6?
Latest Security Reviews
Symantec Backup Exec 2010 review
Rating: 
advertisement
Most popular
- Your Views: Google Street View across the UK
- Reviews round-up: Windows Phone 7 and Firefox Mobile
- Q&A: Conrad Wolfram on communicating with apps in Web 3.0
- Why is Microsoft accelerating Service Pack 1?
- Palm 'disapointed' by results, Pre sales
- Google updates Chrome, awards security bonus
- Report: Macs cost less to run than Windows PCs
- A guide to BlackBerry Messenger 5.0
- Windows Phone 7 review ? hands on
- HTC Legend review
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.