The Encryption Gap
Things that make us say "hmmm" include these stats: The percentage of respondents to our 2009 Strategic Security Survey who rated encrytion as effective in reducing risk dropped from 57% in 2008 to 48% in 2009. Use of disk, file, and backup media encryption ALL fell year over year by at least five percentage points. Backup encryption usage is down 10 points.
Things that make us say "hmmm" include these stats: The percentage of respondents to our 2009 Strategic Security Survey who rated encrytion as effective in reducing risk dropped from 57% in 2008 to 48% in 2009. Use of disk, file, and backup media encryption ALL fell year over year by at least five percentage points. Backup encryption usage is down 10 points.We are, frankly, appalled. What could explain these survey results? Afraid of losing your keys? Don't want to do recovery testing? FUD over algorithms?
The fact is, Nevada and Massachusetts are enacting legislation to require encryption of data on remote devices, and, frankly, there's no reason to think similar laws won't be passed in other states, even on a federal level. Many regulations and compliance frameworks have now embraced encryption as a requirement for data in motion and at rest.
To find out where the disconnect is coming from, and hopefully close the gap a bit, Michael A. Davis is working on an InformationWeek Analytics report that will explain how to use encryption technologies effectively from end to end. But first, we need your help with our comprehensive encryption survey covering the current state of encryption within the enterprise: What assets are, and are not, being encrypted to reduce the risk of exposure? Where sensitive data is going unencrypted, what's holding you back? Our survey also encompasses enterprise key management and database encryption.
This survey will take approximately 5 minutes to complete. Upon completion, you will be eligible to enter a drawing to receive one Apple 16GB iPod Touch, valued at $299, from TechWeb. Your responses will remain confidential and will be reported only in aggregate.
Thanks in advance.
Lorna Garey is executive editor of InformationWeek Analytics. She formerly was executive editor of Network Computing. Special to Dark Reading.
About the Author
You May Also Like