Survey Finds Enterprises Lose an Average of $124,965 Annually from Fragmented Encryption Solutions
Encryption use is growing, but many companies don’t seem to have a handle on that growth.
According to a new survey by Symantec, while 48 percent of the 1,575 enterprises surveyed have increased their use of encryption during the past two years, one-third admitted that unapproved encryption deployment is happening on a “somewhat to extremely frequent” basis. In addition, 52 percent of the surveyed organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). Twenty-six percent have had former employees who have refused to return keys.
Other recent surveys regarding encryption and key management have uncovered similar situations. In a poll released earlier this year by key management vendor Venafi, 54 percent of the 471 enterprise managers and executives surveyed revealed their organization either had encryption keys that were unaccounted for or stolen or were uncertain if they did. When it came to digital certificates, the figure was 51 percent.
Given the aforementioned stats, it should not be surprising that organizations in the Symantec survey did not express all that much confidence in their key management process. Forty percent are less than somewhat confident they can retrieve keys, and 39 percent are less than somewhat confident they can protect access to business information from disgruntled employees.
Part of the solution is to understand the lifecycle of sensitive data in the enterprise, Matthews said, noting that businesses need to know where confidential information resides and whether or not encryption has been properly applied. Not having a handle on the encryption can be costly – in fact, the survey found the inability to access important business information due to fragmented solutions and poor key management costs organizations an average of $124,965 per year.
Last year, Symantec purchased encryption vendors PGP and GuardianEdge to build out its offerings in the space in order to offer more holistic security capabilities to customers. According to Joe Gow, director of product management at the firm, issues with key management and multiple point products make it difficult to protect information.
“As the Enterprise Encryption Trends survey demonstrates, encryption needs to evolve from a fragmented protection historically implemented at the line of business level to a capability that is managed as a core component of organizations’ IT security operations,” Gow said in a statement.
Related Reading: Are You Gambling with Your Mission-Critical Security Assets?