Companies Encrypting Data, But Not Everywhere, Venafi Survey FindsJuly 28, 2011
An overwhelming majority of organizations, 90%, use encryption for data security and systems authentication, according to a survey of security practices conducted on behalf of enterprise key and certificate management firm Venafi. Moreover, the survey showed strong overall security programs in the majority of organizations.
In terms of overall security practice, well over half the organizations surveyed have formal management policies and procedures in place in all eight areas designated by the survey: change, patch, vulnerability, encryption key, IP address, server traffic, network and configuration management.
About half the respondents encrypt data for three potentially sensitive data types (customer, employee and transactional), and just over a third encrypt intellectual property data.
However, only a fifth of the companies encrypt data across all four information categories, according to the survey of 420 senior-level security managers in enterprises and government agencies, mostly in the United States, conducted by information security research firm Echelon One.
A quarter of the organizations said they only encrypt data required by regulation, such as Payment Card Industry (PCI), which covers credit card data. Two of five respondents said they encrypt data on mobile devices, reflecting regulatory requirements and rising security concerns over mobility.
More than a third of the respondents encrypt information in public and private clouds, while about a quarter don’t. But 40% said they did not know if they are encrypting data in the cloud, perhaps indicating the use of cloud services outside IT knowledge or control.