MOUNTAIN VIEW, Calif. – Nov. 30, 2011 – Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2011 Enterprise Encryption Trends Survey, which found enterprises are securing data with encryption in more places than ever. However, the survey discovered that encryption solutions are fragmented, creating risk for organizations from the lack of centralized control of access to sensitive information and disrupting critical processes such as e-discovery and compliance monitoring. In fact, the inability to access important business information due to fragmented encryption solutions and poor key management is costing each organization an average of $124,965 per year.
“While many organizations understand the importance of encrypting their data, issues with key management and multiple point products can give them inconsistent visibility into what has been protected,” said Joe Gow, director, product management, at Symantec. “As the Enterprise Encryption Trends survey demonstrates, encryption needs to evolve from a fragmented protection historically implemented at the line of business level to a capability that is managed as a core component of organizations’ IT security operations.”
- Encryption use is growing rapidly but fragmented. Forty-eight percent of enterprises increased their use of encryption over the past two years. The respondents state that almost half of their data is now encrypted at some point in its lifecycle. The typical organization reports they have five different encryption solutions deployed.
- Use of encryption in rogue projects. According to the survey, one-third of respondents said unapproved encryption deployment is happening on a somewhat to extremely frequent basis. Because these projects are not necessarily following the company’s best practices, 52 percent of organizations have experienced serious issues with encryption keys including lost keys (34 percent) and key failure (32 percent). In addition, 26 percent have had former employees who have refused to return keys.
- Organizations express concerns about key management. Organizations are not very confident in their ability to effectively manage encryption keys. Forty percent are less than somewhat confident they can retrieve keys. Thirty-nine percent are less than somewhat confident they can protect access to business information from disgruntled employees.
- Encryption point product issues costing enterprises. All of the organizations reporting encryption key issues incurred some sort of related costs. The most common costs include inability to meet compliance requests (48 percent), inability to respond to eDiscovery requests (42 percent), and inability to access important business information (41 percent). In addition, the average loss from encryption-related issues is $124,965 per year.
Symantec recommends the following for organizations to build a plan that avoids some of the pitfalls seen by the survey respondents.
- Understand the lifecycle for encryption processes and anticipate challenges involved with protecting data in an increased number of places.
- Plan a data recovery process that meets your organization’s needs and accounts for the ability to sever access to data in cases of disgruntled employees and former employees.
- Build a plan for consistent enterprise-wide encryption and key management prior to deploying encryption.
- Encrypt assets, starting with email, laptops and mobile devices, before experiencing a data breach.
- Anticipate the effects of mobility and cloud computing and the need to encrypt data stored outside of the enterprise, including file shares and cloud storage.
Symantec’s Enterprise Encryption Trends Survey
Symantec’s Enterprise Encryption Trends Survey is the result of research conducted in September 2011 by Applied Research, which surveyed C-level, tactical management, and strategic management. The report was designed to examine encryption use within enterprise organizations. The survey included 1,575 organizations from 37 countries in North America, EMEA (Europe, Middle East and Africa), Asia Pacific, and Latin America.
Connect with Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.
Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
TECHNORATI TAGS: Symantec, encryption, security