The way we work has changed significantly since businesses started using encryption products to secure their data. Today, we’re working from everywhere, on multiple devices and we need our data to keep up with us, and to be secure, regardless of which platform, device or location we leverage to access it.
Network and endpoint security provider Sophos, in conjunction with independent technology market research firm Vanson Bourne, recently conducted a survey of 1,700 IT managers from companies across the U.S., Canada, India, Australia, Japan and Malaysia to better understand where businesses are succeeding with using encryption to secure their data. The report also identified gaps in organizations’ encryption strategies.
Key findings from Sophos’ “The State of Encryption Today” survey include:
- 44% of organizations are making extensive use of encryption to secure their data and a further 43% are encrypting to some degree, but divisions emerge when comparing encryption levels in companies of different sizes. Only 38% of smaller organizations (100-500 employees) are encrypting extensively, compared with 50% of larger organizations (501-2,000 employees); a troubling statistic considering that according to a 2014 Verizon report, 53% of confirmed data loss incidents were in organizations of less than 1,000 users.
- Organizations are encrypting for a variety of reasons, based on both internal and external factors. 61% of companies cited protecting proprietary company data, while protecting employee personnel data ranked second at 56%. Unfortunately, these good intentions aren’t always translating into security action. Over a third (31%) of organizations don’t always encrypt their financial information and 45% are failing to always encrypt their intellectual property.
- Customer data fares better, but even so, 25% of organizations aren’t always encrypting customer payment details and worse yet, 31% of organizations are not always encrypting employee bank details, 43% aren’t always encrypting HR records and 47% aren’t always encrypting employee healthcare information.
- When they are choosing between full disk and file encryption, more organizations are using file (37%) than full disk (27%). However 36% of organizations are using both; given they are complementary technologies, this is a wise approach. In essence, 36% of organizations are getting the best of both security worlds.
- 37% of companies cited lack of budget as the number one reason for not
using encryption, while performance concerns and lack of encryption deployment
knowledge ranked second and third with 31% and 28%, respectively. A troubling 19% felt
that encryption was not an effective tool for securing sensitive data.
While encryption today isn’t as widespread as security experts would hope, the signs are encouraging as the majority of organizations are in agreement that improvements to the way in which data is stored need to be made. 75% of survey respondents said that employee data storage needs improvement; 74% agreed that customer data protection must be enhanced; and 77% stated that company data security needs major upgrading. The survey also shed light on what organizations are planning for in the next several years: 97% of IT managers polled are already using encryption to at least some degree or plan to in the future. Of these, 69% are planning to extend their data protection approach with encryption over the next one to two years.
As technology evolves, so does the sophistication of threats to our data. To begin evolving your data protection strategy, ask yourself the following questions and consider securing your data with encryption:
How does data flow into and out of your organization?
How does your organization and your people make use of data?
Who has access to your data?
Where is your data?