Part of the role that Symantec takes within the security community is to work together with research groups to identify and understand the trends that shape the market. As part of this effort, Symantec is continuing the work started between PGP Corporation and Ponemon Institute to examine the usage of encryption and how it has been evolving over the years.
Ponemon Institute recently completed the “2010 US Enterprise Encryption Trends Report”, published November 2010. This report surveyed 964 US I.T. workers in various job functions and asked how they use encryption technology to protect information assets.
One of the most interesting insights that emerged from this report is that the reason for deciding to deploy encryption has shifted. In the past, the primary driver has always been the response to a data breach. In the 2010 report, the respondents noted that compliance with privacy or data security regulations is the primary driver.
This is a notable shift, because it indicates that IT professionals are now approaching encryption as a proactive defensive measure rather than something they do after a data breach event. I’ve talked with many customers who were deploying encryption as part of the remediation process for data loss, such as an employee losing a laptop with customer data on it. Under this scenario, it can be really challenging to get encryption done right because there are tight timelines, a great deal of pressure from executive management, and not a lot of pre-planning on how to deploy an environment that can address future requirements. All of the focus is on requirements based on how they already lost data, not on how they might lose data in the future.
With the research from the Ponemon Institute, it’s quite interesting to see compliance becoming the driver for an encryption project. It shifts the security posture of a company to anticipation and prevention rather than reaction. The compliance approach gives an organization more time to plan, anticipate and adjust its strategy before something bad happens, rather than after.
There are different types of compliance laws around the world, and as such, encryption trends tend to vary greatly across markets. Ponemon Institute is conducting research on the attitudes towards encryption in Germany, UK, France and Australia as well. These reports will be published in the months ahead. Keep an eye out at the following link for more information.