The encryption maturity curve
Davey Winder puts forward a strategic business case for encryption.
Spending on encryption within the enterprise is increasing, and the latest Thales/Ponemon Global Encryption Trends Study suggests that it's now being seen more as a strategic business issue rather than just something for the IT department.
At the same time, separate research from Kaspersky Lab reveals that more than a third of companies do not use encryption at all.
The Kaspersky study, which questioned some 5,000 senior IT managers, produced some pretty disturbing numbers. Just over a third (34 per cent) are not using file and folder level encryption and 17 per cent have absolutely no plans to do so in the future. Some 36 per cent are not using full disk encryption and 18 per cent have no plans to do so.
This apparent lack of concern when it comes to security within the enterprise leaves corporate data at risk of exposure should a breach occur. Indeed, simply not employing the most basic safeguard of encryption is worrying at a business strategy level.
The historical record shows us that when a breach occurs, be that corporate espionage, accidental leakage or concerted hacker attack, the damage to business branding is far greater when the data stolen is left unencrypted. Where customer logins, passwords, financial data is exposed the risk to them individually is obvious, but the reputational ripple effect on any company that fails to take adequate measures to protect that data spreads much further and last longer.
Thankfully, according to the latest Ales and Ponemon Institute study into encryption trends, enterprises are increasingly viewing encryption and key management as being strategic business issues. What's more, businesses are increasing investment in encryption across the enterprise.
The Global Encryption Trends Study has a few things going in its favour, not least historical data stretching back over eight years now that provides a real insight into adoption rates and strategic trends. Indeed, it reveals that there has been a very steady increase in the deployment of encryption in the enterprise over those eight years - spending on encryption as a percentages of the overall IT security budget has risen from 10 per cent in 2005 to 18 per cent in 2012. One of the interesting changes is that rather than being driven purely by IT security professionals, it appears that there is a noticeable switch to encryption being perceived as a strategic issue amongst business leaders, with 'business managers' now becoming the most influential group when it comes to establishing an encryption strategy in the US for the first time for example. Of course, while business leaders are becoming more influential with regards to encryption use, IT leaders remain the most important link in the encryption determination chain globally for now.
However, this move to a strategic investment outside of the IT department shouldn't really come as any great surprise, given the amount of media coverage there has been of high profile data breaches at some very large concerns. The report reveals, however, that when it comes to most significant perceived threats to exposing sensitive data it is employee error, system malfunction and forced disclosure through legal e-discovery requests that outweigh concern over hackers and attackers.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now