The top reasons for encrypting data include preventing data breaches, fulfilling compliance or audit mandates and protecting financial and other assets, according to a survey of more than 100 information security influencers and decisions makers from Vormetric and IANS.
More than half (54 percent) responded that their top challenge when implementing encryption is legacy technology and support for encryption. Other roadblocks include the cost of encryption technology (52 percent) and worries about impact on performance (44 percent).
Overall, 84 percent of respondents said they had considered a security strategy of encrypting all sensitive data.
“As I see it, small businesses are lacking their own data centers and IT professionals to manage infrastructure and have some big challenges with encryption— understanding where they must use it, how to manage it and how to make sure that it doesn’t hinder their operations,” Derek Tumulak, vice president of product management at Vormetric, told eWEEK. “It’s one reason that small businesses are increasingly relying on SaaS and other service providers to handle their needs. The challenge then becomes smaller.”
Encryption and other cryptographic technologies are basic building blocks within a larger, layered IT security strategy, he said. “It’s clear that there are multiple needs for these technologies across enterprises, with a multiplying set of use cases to protect sensitive data, as more information is collected, stored and used throughout enterprises to enable business and services.”
Tumulak noted over the next few years, enterprises will increasingly look for encryption solutions that support this need to protect data both at the OS level and within applications.
“These solutions will need to support more functionality than just encryption and key management, they must also help control access to information,” he said.
He also noted the most surprising finding from the study was the high level of reliance on full disk encryption (FDE) in data centers to protect sensitive data-at-rest (54 percent), right behind the well-recognized protection for data-in-motion, network encryption at 62 percent.
When it comes to mobile technology, Tumulak explained the fundamental issues are how much sensitive information should be exposed on mobile devices, how it can be viewed, and whether it is stored locally. This results in a requirement for encryption on the device. Another key issue is how to safeguard information collected from mobile devices and the sensitive information on back end systems from inappropriate or malicious mobile access.