Survey Finds Enterprises Lose an Average of $124,965 Annually from Fragmented Encryption Solutions
Encryption use is growing, but many companies don’t seem to have a handle on that growth.
According to a new survey by Symantec, while 48 percent of the 1,575 enterprises surveyed have increased their use of encryption during the past two years, one-third admitted that unapproved encryption deployment is happening on a “somewhat to extremely frequent” basis. In addition, 52 percent of the surveyed organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). Twenty-six percent have had former employees who have refused to return keys.
“If the corporation is the one that is ultimately responsible for the security of the data and that will be fined for any kind of data breach, and is the one responsible for actually getting access to the data in the event that a court action, they actually cannot tolerate the use of unsanctioned encryption because they might not be able to actually recover the data on the behalf of the company,” noted Tim Matthews, senior director product marketing at Symantec.
Other recent surveys regarding encryption and key management have uncovered similar situations. In a poll released earlier this year by key management vendor Venafi, 54 percent of the 471 enterprise managers and executives surveyed revealed their organization either had encryption keys that were unaccounted for or stolen or were uncertain if they did. When it came to digital certificates, the figure was 51 percent.
Given the aforementioned stats, it should not be surprising that organizations in the Symantec survey did not express all that much confidence in their key management process. Forty percent are less than somewhat confident they can retrieve keys, and 39 percent are less than somewhat confident they can protect access to business information from disgruntled employees.
Part of the solution is to understand the lifecycle of sensitive data in the enterprise, Matthews said, noting that businesses need to know where confidential information resides and whether encryption has been properly applied. Not having a handle on encryption can be costly – in fact, the survey found that the inability to access important business information due to fragmented solutions and poor key management costs organizations an average of $124,965 per year.
Last year, Symantec purchased encryption vendors PGP and GuardianEdge to build out its offerings in the space and offer more holistic security capabilities to customers. According to Joe Gow, director of product management at the firm, issues with key management and multiple point products make it difficult to protect information.
“As the Enterprise Encryption Trends survey demonstrates, encryption needs to evolve from a fragmented protection historically implemented at the line of business level to a capability that is managed as a core component of organizations’ IT security operations,” Gow said in a statement.