Enterprise encryption technology not fully exploited
Encryption does help reduce the likelihood of an enterprise data loss or data breach incident latest research has confirmed, but organisations are still not doing as much as they could with the technology.
In a study carried out by the reputable Ponemon Institute for PGP Corp, a third of those companies reporting no data loss incident in the last year claimed to have had instigated an enterprise-wide encryption policy.
In contrast, organisations experiencing the highest number of data loss incidents were found to be the least likely to have introduced a consistently enforced, company-wide strategy governing the use of data encryption technologies.
Of firms reporting more than five loss incidents, none had any kind of encryption strategy in place.
The study found that 57% of UK businesses are now using some type of encryption solution in order to protect sensitive information, with around 36% having introduced a partial strategy to protect certain applications, departmental activities or data such as credit card numbers.
“Encryption is most widely used to protect the data held on file servers, Virtual Private Networks (VPN) and databases. VOIP and mainframe encryption are the least deployed applications,” the report noted.
Despite the widespread use of smartphones, only 34% of the study partcipants said they believe it is only sometimes necessary to encrypt the confidential data held on portable devices. Some 13% think it completely unimportant.
As many as 615 IT security professionals at enterprises and public sector organisations were polled for the study, which found that 70% of UK organisations have been hit by at least one data breach incident within the last year. That number is up from 60% in the previous year.
In its 2009 Annual Study: UK Enterprise Encryption Trends, Ponemon notes that the public sector experienced the highest number of data loss incidents in the last year.
Phillip Dunkelberger, CEO of PGP said, “This study underlines the critical importance of implementing an encryption strategy that encompasses all aspects of an organisation’s data, not to just meet privacy or data security regulations but to also protect against brand damage and loss of customers.
Yesterday, Kent-based Jubilee Managing Agency Ltd became the latest company to be found in breach of the Data Protection Act, after the insurance company had to report the loss of an unencrypted disk containing the personal details of around 2,100 individual UK policyholders.
It has been instructed by the ICO to sign a ‘formal undertaking’ to enhance its data protection methods.
The Ponemon Institute has estimated the average UK data breach costs a total of £1.7 million – said to be the equivalent of £60 for every record compromised.