Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Full Disk Encryption Proves Its Worth, Ponemon Study

The benefits of using full disk encryption far outweigh the costs of deploying the product, which is more than just the cost of purchasing the software, according to a new study.

The benefits of using full disk encryption far outweigh the costs of deploying the product, which is more than just the cost of purchasing the software, according to a new study.

The Total Cost of Ownership for Full Disk Encryption study released Tuesday examined the benefits and costs of deploying full disk encryption (FDE) products within the organization. When compared to the potential damage caused in the advent of a data breach, the cost of encrypting every single bit of data stored on the drive is a “fraction” of the value gained by protecting the information, the study found. The primary benefit was the lower probability of having a data breach as a result of a lost or stolen coputer.

The study, sponsored by WinMagic and conducted by Ponemon Institute, surveyed 1,335 IT and IT security professionals in the United States, United Kingdom, Germany, and Japan. The survey participants represented various industry sectors and on average had 10 years of IT experience.

“The results clearly show that the benefits for encryption are extremely compelling” said Larry Ponemon, chairman of the Ponemon Institute.

However, companies underestimate the total cost of ownership for encryption, such as the amount of time it takes a technician to perform a procedure, the study found. The software cost of the product license and maintenance contract was only a “small fraction” of the total cost to the organization.

Organizations don’t always understand the amount of technician time that is required to complete a procedure or the amount idle time by users because they can’t access their computers during the encryption process. The most expensive component of having full disk encryptions comes for the amount of time it takes to work on an encrypted machine. Machines with fully encrypted disks took extra time to start-up, shutdown and hibernate, adding 42 seconds to each day. In one year, that amounts to nearly three hours per employee lost.

The smallest and largest organizations fared the worst in the report’s total cost of ownership analysis. FDE deployment and maintenance had a total cost of $399 for organizations with fewer than 50 employees and $313 for organizations with more than 25,000 employees. Amount of regulation also matters, as heavily regulated industries such as financial services and healthcare had the highest total costs, with $385 and $363, respectively.

“This study really allowed us to get very granular as it relates to the optimum use of encryption and understanding the total cost of ownership,” Ponemon said.

Advertisement. Scroll to continue reading.

German organizations were more likely than other countries in the report to encrypt sensitive and confidential information. More than 50 percent of German respondents said their organizations encrypted trade secrets, financial confidential documents and employee records.

With the exception of Germany, organizations in the remaining countries reported nearly a third of the stolen computers contained sensitive information that had been encrypted. German organizations said that only a quarter of the computers had information in clear text.

Reasons for Encrypting DataThe reasons for encrypting the data also vary across regions. Respondents from the US, Germany and Japan looked for strong security when evaluating encryption products. UK organizations are more concerned about performance and speed.

“WinMagic has long held the belief that innovative features can help to significantly reduce the cost of deploying and operating full disk encryption, while optimizing compliance and user satisfaction,” said Garry McCracken, vice-president of technology partnerships at WinMagic.

U.S., UK and German organizations mainly encrypt their data to comply with state and national data protection laws. In contrast, Japanese organizations encrypt data at rest to comply with industry and self-regulatory requirements, such as PCI DSS, ISO and NIST, the report found.

WinMagic said the report found that the costs of deploying full disk encryption are higher than just the cost of the software license. Using “free” encryption products bundled with operating systems doesn’t really affect total cost, since there are other issues to consider. In fact, WinMagic said the free products may have significantly higher costs than commercial products if they interfere with existing user and IT processes.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...