Thales recently released their Key Management benchmark survey, reporting that of all the things that could drive an encryption project in IT, HIPAA and PCI DSS are the top two reasons companies are moving forward with encryption initiatives.
PCI DSS and HIPAA drive encryption projects. (IMG: J.Anderson)
The survey was conducted by Trust Catalyst for Thales, a vendor that deals with communications security and data protection. The results come from 655 IT professionals around the globe, many of whom are in management positions in the technology, software, financial, or government sectors.
Their findings show that in Europe, 52 percent of those who answered the survey are planning encryption projects so that they can comply with PCI DSS regulations. In the U.S., 53 percent said their encryption projects are based on compliance needs for HIPAA. While most have existing encryption solutions in place, there is some upgrading going on to increase availability and performance.
One aspect of availability centered on recovery, where 49 percent of the respondents said that it is a must that they can recover an encrypted database in one hour or less. The application with the most time-critical service level, payment processing, must be available in less than one hour for 54 percent of all surveyed.
Another issue with availability is key management, the central part of any encryption project, no matter what the solution is. The Thales survey showed that eight percent of those surveyed have had to deal with a lost encryption key in the last two years. According to the survey report, these losses resulted in business disruptions or permanent data loss for 39 percent of those who’ve dealt with the issue.
Overall, the most challenging aspect of key management shifted from preparing for a breach last year to the operational issue of rotating encryption keys this year, Thales mentioned. In addition, the data from the survey showed that for those organizations spending one year or more on key management planning, proving compliance was the most challenging.
"These results show clearly that two of the most important pieces of data - a person's credit card details and their health records - and the regulations designed to safeguard this data are the major drivers for companies to encrypt data," says Franck Greverie, Vice President, Managing Director for the information systems security activities of Thales.
"The impact of a data breach is one of the main security headaches for CEOs and IT specialists alike and regulation is already playing a role in terms of tightening data security. The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail and regulators and industry will therefore grow to depend on encryption. At the same time, key management and the ability to demonstrate encryption key custody and control will become increasingly important as auditors and regulators look to validate safe harbor.”
Another aspect of the survey was cloud-based computing. More than half of the respondents (52 percent) indicated data security as the chief concern preventing their organization from adopting cloud computing.
Moreover, when asked about their own company's plans for cloud computing, 47 percent said they would not move to the cloud unless data was encrypted, and another 43 percent said they have no cloud-based plans at all.
Regarding key management, 59 percent of respondents would not allow encryption keys to be managed by a cloud service (26 percent were unsure) and only 15 percent said they were OK with having their keys managed in the cloud.
The full report is here, but registration is required.