by Daniel J. Solove
According to a survey commissioned by Thales e-Security, the use of encryption by organizations is increasing. Ten years ago, only 15% had an enterprise-wide encryption strategy. Now, 36% have such a strategy.
Some other interesting findings from the survey also found, according to a ZDNet article:
Industries with the highest use of encryption:
1. Financial Services
Type of data most likely encrypted:
1. Employee and HR Data
2. Financial Records
3. Intellectual Property
Only about a third encrypted customer information.
The main driver that inspired organizations to use encryption was regulation. This was more of a reason than “to protect information against specific, identified threats.” This fact shows that regulation plays an important role, as some are more motivated to follow regulation than to protect themselves against risks. Ironically, the costs of failing to follow regulation are often much less than the costs of a breach.
What about the 64% that aren’t using encryption in a systematic way? Why aren’t they?
The survey listed the challenge of locating the sensitive data as the biggest one. Another hurdle was figuring out the types of data to detect. Storing and managing encryption keys was also identified as a major challenge.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.