Enterprise Encryption Trends Survey GLOBAL RESULTS

Transcription

1 Enterprise Encryption Trends Survey GLOBAL RESULTS

2 CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Encryption use growing rapidly but fragmented... 8 Finding 2: Use of encryption in rogue projects...10 Finding 3: Concerns about key management...12 Finding 4: Encryption point product issues costing enterprises...10 Symantec Recommendations...14 Enterprise Encryption Trends Survey 3

3 Enterprise Encryption Trends Survey Executive Summary The IT landscape is changing rapidly, with constant developments in business and personal connectivity. The proliferation of social networking platforms has drastically increased the amount of information people are sharing with each other socially and in business. Meanwhile, portable devices are continuing to increase in power and capability, and more employees than ever are staying connected to work wherever they are. Overshadowing these other trends is cloud computing, making more applications and files available from anyplace with an Internet connection. While on the surface these may seem unrelated to core security issues faced by enterprises, the fact is that more corporate data is being stored and accessed in more places. Cloud computing means that sensitive information is potentially residing on thirdparty servers, and as more employees perform work on mobile devices, organizations are one lost smartphone away from a potentially damaging data breach. One of the best ways to protect sensitive information, particularly when it resides outside of the direct control of IT, is encryption. But while it provides effective protection, it also poses its own unique challenges. In order to assess where organizations stand on encryption today, Symantec created the 2011 Enterprise Encryption Trends Survey. 4 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 5

4 METHODOLOGY Symantec commissioned Applied Research to conduct the 2011 Encryption Trends Survey in September They contacted 1,575 enterprises globally (>1,000 employees in the U.S., >500 employees in other countries). The survey respondents were a mixture of C-level executives and IT management. The poll has a reliability of 95 percent confidence with +/- 2.5 percent margin of error. 6 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 7

5 FINDING 1 Encryption use growing rapidly but fragmented With security concerns more pressing than ever, it should come as no surprise that enterprises are taking greater advantage of encryption technology. Not only are they concerned with attacks from outside the organization, but many industries particularly those dealing with the financial or health-related information of large numbers of people actually require the use of encryption. Over the past two years nearly half (48 percent) of the organizations surveyed have increased their use of encryption, recognizing how it can add one more layer of protection between their data and would-be thieves. In fact, respondents reported that 43 percent of their data is encrypted at some point. While adoption is high, that doesn t mean everybody is on the same page. We didn t see a consensus on a single, agreed-upon encryption product that was meeting everyone s needs. Some enterprises reported as many as five different encryption solutions deployed in their data center. Encryption Growth 48% 42% 48% of enterprises increased their use of encryption over the past two years 42% of data is encrypted at some point in its lifecycle 5 Typical organization has 5 different encryption solutions deployed 8 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 9

6 FINDING 2 Use of encryption in rogue projects While the approved use of encryption is a valuable asset to IT, not all employees are employing the technology in approved ways. We asked respondents about how much unauthorized encryption they are seeing on their networks, and the number was surprising. One-third of enterprises reported that such incidents happen at least somewhat frequently. Another issue we are seeing with encryption is the loss or failure of keys. More than half (52 percent) of organizations have had serious problems with keys. Lost keys were reported by 34 percent, with nearly as many (32 percent) reporting key failure. Another problem is employees who refuse to return keys, which have been reported by a quarter of respondents. Rogue Projects Half have seen serious issues with encryption keys 34% 34% have lost a key 32% 32% have had a key fail 26% 26% have had former employees who refused to return keys 10 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 11

7 FINDING 3 Concerns about key management Continuing with the concerns about key management, a surprising number of businesses expressed concern regarding retrieving them and keeping them safe. In fact, two in five respondents (40 percent) indicated that they are less than somewhat confident when it comes to retrieving keys quickly and efficiently. Compounding the problem, almost as many (39 percent) reported that, in the case of disgruntled employees, they are not confident in their ability to protect their critical information. Key Management Concerns 40% 40% less than somewhat confident they can retrieve keys 39% 39% less than somewhat confident they can protect against disgruntled employees 12 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 13

8 FINDING 4 Encryption point product issues costing enterprises The end result of these other findings is that encryption issues are costing companies big. Not only are they losing money and productivity, but there are legal consequences as well. All of the respondents who had experienced issues with encryption (52 percent of those surveyed) also reported negative consequences as a result. In fact, nearly half of them (48 percent) were left unable to fulfill a compliance request, and almost as many (42 percent) had fines levied against them for failure to respond to ediscovery requests. Other damages incurred by these organizations that have struggled with encryption include the inability to access important business information (41 percent), brand damage (39 percent) and expenditure of IT resources (34 percent). When all of these consequences are considered, the average loss from encryption-related issues alone totaled $124,965 annually. $ $ $ $ Costing Enterprises 48% 48% report inability to meet compliance requests 42% 42% report fines due to inability to respond to ediscovery requests 41% 41% report inability to access important business information $124,965 Median Cost to Organizations 14 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 15

9 Symantec Recommendations Given the high cost of encryption-related issues within the organization, what can businesses do to protect themselves and prevent these losses Symantec offers the following recommendations to make the encryption process more secure and efficient: Understand the lifecycle for encryption processes and anticipate challenges involved with protecting data in an increased number of places. Plan a data recovery process that meets your organization s needs and accounts for the ability to sever access to data in cases of disgruntled employees and former employees. Build a plan for consistent enterprise-wide encryption and key management prior to deploying encryption. Encrypt assets, starting with , laptops and mobile devices, before experiencing a data breach. Anticipate the effects of mobility and cloud computing and the need to encrypt data stored outside of the enterprise, including file shares and cloud storage. 16 Enterprise Encryption Trends Survey Enterprise Encryption Trends Survey 17