Posts Tagged ‘encryption’

PGP has released a new business guide entitled “Five Truths About Enterprise Data Protection” which talks about how to secure all your data devices – your laptops, USB drives, remote logins, phones and more. The five “truths” are basic statements about data and business, skewed towards the security offerings at PGP, including:

1. Business data is everywhere – and it’s on the move
2. Exposed data carries high costs & consequences
3. Only encryption can secure all your data, wherever it is
4. An enterprise-wide data encryption strategy reduces the risk of data breaches
5. Enterprise data protection liberates your business

As we’ve said before, encryption is only one piece of the data security puzzle and is not the only solution to all your security needs. For example, Absolute Software’s Computrace Complete can provide additional security in the form of IT Asset Management & Data & Device Security, such as tracking and remotely wiping missing devices. A comprehensive security policy will do a risk assessment and decide on which security tools are important to your corporate needs.

My favorite section in the brochure deals with the 5th Truth, and how a comprehensive security system will enable a business to protect all its data, all the time, wherever it is stored and however it travels. You can get the guide here.

According to the 2009 Annual Study on Enterprise Encryption Trends, completed by Ponemon Institute and sponsored by PGP, indicates that while encryption strategies have become more consistent, data breaches continue to be an issue. In addition, the data indicates that mobile security is becoming more of an issue, with 51% of respondents indicating a complete lack of encryption on mobile devices (smartphones, PDAs).

This is the 4th annual study on enterprise encryption, basing the data this year on 997 IT and security practitioners in the US (a UK study is also available). The study looks at trends in encryption use, planning strategies, budgeting, and deployment methodologies in enterprise IT.

Highlights from the study:

• 78% of organizations have an encryption strategy in place (74% in 2008)
• 85% experienced at least one data breach in the last 12 months (84% in 2008)
• 22% experienced >5 data breaches in the last 12 months (13% in 2008)
• 58% say data protection is a very important part of overall risk management
• 59% say encryption of data on mobile devices is very important or important
• 26% indicate they encrypt their smartphone or PDA ‘most of the time’
• 51% have no encryption in place for the smartphone or PDA

I was surprised that the repeat data breach figures had gone up so dramatically, showing perhaps that data breaches are becoming chronic issues in some companies. This could indicate a lack of proactive security planning and risk assessment.

The study does indicate that companies are seeking out encryption solutions to preserve brand and reputation, in addition to mitigating breaches and meeting compliance regulations. This shows, perhaps, that companies are ready to take a more pro-active approach to security planning. Remember, too, that encryption is only a part of the solution to pro-active security planning. Absolute Software can help with other pieces of that puzzle, providing IT Asset Management & Theft Recovery for laptops and mobile devices.

Download the report, for the UK or the US, here.

Via SC Magazine

Absolute Software and the Ponemon Institute announced the findings of a new study on the use of encryption on laptops in the corporate environment. The study found that 56% of US business managers disable laptop encryption, an action which increases the risk of data and identity theft. The study was also conducted for the UK and Canadian markets with very similar results.

The study was conducted in order to understand employees’ perceptions about ensuring information entrusted to their care remains effectively managed. This includes using encryption, strong passwords, and keeping their laptop physically safe when traveling. The study unearthed a number of troubling issues including a perception by employees that encryption solutions make other security measures unnecessary. IT security professionals were the most careful in abiding by precautionary steps in safeguarding data on their laptops, but non-IT employees were not so as careful (with 56% turning off encryption).

92% of IT security professionals indicate that a laptop has been lost or stolen in their organization. Of those stolen, 71% resulted in a data breach. In the event of a theft, companies relying solely on encryption cannot be sure whether all stored data on a laptop has been encrypted, if it has been compromised, or even which files have been accessed by thieves. To help solve security risks that encryption alone cannot adequately address, companies can employ a security solution that can locate a stolen or lost laptop, detect which data has been accessed, and remotely delete sensitive data. Such a solution, like Absolute’s Computrace, is not dependent on the diligent behavior of corporate employees.

“The data suggests that, because of user behavior, encryption alone is not enough to protect mobile devices and the sensitive data stored on them. These statistics are especially disconcerting when combined with our recent studies demonstrating that lost or stolen laptops are the number one cause of data loss, with 3 out of 4 companies experiencing a data breach when a laptop has been lost or stolen.” - Dr. Larry Ponemon, chairman and founder of The Ponemon Institute

“The Human Factor in Laptop Encryption: U.S. Study” key findings:

• 92% of IT security practitioners report that someone in their organization has had a laptop lost or stolen and 71% report that it resulted in a data breach;
• 56% of business managers have disengaged their laptop’s encryption;
• Only 45% of IT security practitioners report that their organization was able to prove the contents of missing laptops were encrypted;
• Only 52% of business managers – employees most likely to have access to the most sensitive data (personally identifiable information and/or intellectual property) – have employer-provided encryption;
• 57% of business managers either keep a written record of their encryption password, or share it with others in case they forget it;
• 61% of business managers share their passwords, compared to only 4% of IT managers; and,
• Business managers are much more likely than IT security practitioners to believe encryption makes it unnecessary to use other security measures for laptop protection.

The survey breaks down the types of encryption solutions used to protect data assets, from whole disk encryption to thumb drive encryption. The same questions were asked to IT professionals vs non-IT professionals (business managers), with differing perceptions of security protocols. Here’s a preview of one of the data segments from the survey:

To receive a full copy of the study on the Human Factor in Laptop Encryption, for the US, UK and Canadian markets, fill out this form.

RSA just released the results of their annual wireless security survey. The survey indicates that, with wireless use up dramatically in home, business and public hot-spots, encryption is improving. 97% of corporate access points in New York City were encrypted, up from 76% last year.

The improvements are not universal across major cities, with London having 20% of wireless access points without any form of encryption. In addition, this survey (for the first time) looked at the type of wireless encryption standard used. The WEP standard is no longer adequate, so encryption is not quite as good at this level. Paris has advanced security on 72% of wireless access points, while NY and London had below 50%. The survey also looked, also for the first time, at in-home wireless security. The survey found security on home wireless networks to be superior to corporate networks.

Out of RSA also is a great blog post about the importance of the 5 Ps – Proper Planning Prevents Poor Performance. Worth a read! And to continue your reading, check out our laptop security best practices.

Image: ppdigital @morguefile

CertifiedMail and Osterman Research have released the findings of a study on encryption adoption.

The Encryption Solution Implementation Landscape report indicates that data is being put at risk mostly by a lack of understanding about encryption technologies. The three main areas that people cite as holding back encryption are: encryption legacy perceptions, a lack of awareness of the availability or ease of use of solutions, and a lack of understanding of the type of data that must be encrypted.

As Kelly Mackin, COO and President of CertifiedMail, notes, businesses no longer question the need for anti-virus or anti-spyware software, but it’s now the time to extend this line of thinking to other ways to protect confidential data. Encryption and laptop security software, among other security tools, should become standard practice.

Here are some of the highlights of the survey, which involved 205 organizations and more than 13,000 respondents:

• 47% of organizations did not have the ability to send encrypted emails from their desktops
• 45% can send encrypted email manually through their email client (22% of them found it difficult)
• 13% can send encrypted emails automatically through some sort of policy-based encryption capability
• 27% of organizations had experienced an accidental or malicious data leak during the previous 12 months

The survey found that users believed that encrypting email was a difficult process, although part of this has been attributed to perception rather than experience. Many users have experiences with legacy systems that have biased them against the easier tools today. The survey found an eagerness among respondents to have “click of a button” encryption available in email clients, with nearly one-half of users wanting automatic encryption capabilities.

Via security watch ; Image: iStockphoto.com