Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet
Most Organizations Still at Risk
Less than half encrypt backup tapes, full disks and databases while nearly 20
percent said they would wait for a data breach before they encrypt tapes
SAUSALITO, Calif., Oct. 20 /PRNewswire/ -- Trust Catalyst, a research firm
helping companies build data protection strategies that strengthen customers'
trust -- today announced the findings of its second annual 2009 Encryption and
Key Management Benchmark Report which surveyed more than 600 IT security
professionals and was sponsored by Thales.
The study found 41 percent surveyed encrypt backup tapes, 43 percent encrypt
databases and 49% encrypt full disks, despite the growing number of new
industry, state and national data protection regulations. While participants
indicated the protection of health care and credit card data was driving
future IT spending, 19 percent said they would wait for a data breach before
they would encrypt tapes. This data left unprotected in databases and backup
tapes causes these organizations to be at higher risk for a data breach.
The study revealed the primary obstacles preventing organizations from
encrypting these applications were due to concerns about cost and data
availability. Once data is encrypted, participants fear they could lose this
data or it would not be available when it was needed causing a business
disruption even though twice as many surveyed admitted to a data breach than
losing data because of a lost encryption key.
"Given the nature of new data breach regulations, organizations no longer have
the luxury of time to wait and encrypt credit card and healthcare data because
of data availability concerns," said Kimberly Getgen, Principal of Trust
Catalyst. "With less than 50 percent of participants encrypting backup tapes
and nearly 20 percent of respondents saying it would take the pain of a data
breach to get their organization to reverse their decision, too many
organizations, customers and patients are needlessly at risk."
Here are some of the study's key findings:
-- Patient and Credit Card Data Protection Drives IT Budgets. 53.9
percent
indicated they were allocating budget for PCI DSS, 28.9% for HIPAA and
22.4% for the EU Data Privacy Directive. HIPAA was the number one
allocator of new budgets for US participants.
-- Cost of encryption remains top concern. Participants express that
cost
remains the single most important factor preventing data that "should"
be encrypted from being encrypted. Over half cited the cost of the
encryption solution (26%) or the cost of managing the encryption
solution (25%) as their primary obstacles for being able to bring
encryption into their organizations where it is needed most.
-- Operational concerns delaying encryption projects. The decision to
postpone encryption is often because operational efficiencies like
availability of data and performance are seen as more important than
data protection. For example, when asked specifically about what was
preventing them from encrypting databases, it was the complexity of
managing keys that was identified as the primary obstacle preventing
participants from encrypting backup tapes (24%). Here, participants
said availability was far more important than confidentiality.
-- Cloud computing not ready for prime time. 52.1 percent of
participants
cite data security concerns as being the number one barrier preventing
their organization from adopting cloud computing. 42.6 percent of
survey participants said they were not currently planning on moving to
the cloud while another 46.5% said they would wait until data is
encrypted before moving. 58.8 percent said they would want to manage
their own encryption keys if encrypted data was moved to the cloud.
The full 2009 Encryption and Key Management Benchmark report can be downloaded
from http://www.trustcatalyst.com/2009EncryptionSurvey.php
About Trust Catalyst
Trust Catalyst helps global organizations make critical decisions about how to
protect their most valuable resource - their customer's trust. We understand
that the adoption of a successful data protection or security program is about
selling a strategy to a larger audience. We speak the language business
executives understand and quantify the need for security by helping establish
the costs of lost customer trust and the disruption to business when that
trust is broken. As more insidious attacks from cybercriminals specifically
targeting organizations with customer's sensitive data grows, we help
businesses understand the threats, the costs of the threats and how to
maintain trusted relationships with their customers. You can learn more and
download our research at www.trustcatalyst.com
SOURCE Trust Catalyst
Kimberly Getgen of Trust Catalyst, +1-415-317-2530, kim@trustcatalyst.com
