- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Encrypting e-mail is a good start, but it doesn't address the security of data sitting on servers and back-up systems. And it doesn't protect data being transported to offsite back-up facilities, a lesson several companies learned the hard way this year when their tapes containing sensitive customer information were lost in transit.
That is one reason many analysts recommend that companies encrypt sensitive data wherever it sits on the network. According to Gartner analyst Rich Mogull, encryption makes sense for backup tapes, laptops, PDAs or other portable storage media containing sensitive information, as well as credit card numbers stored in databases.
Losing tapes is nothing new, says Dave Ellard, senior vice president of corporate development at GlassHouse Technologies. "We've been moving and losing tapes for 30 years, but we never had to issue press releases before when we lost a tape."
In other words, the key difference today is regulations. Privacy regulations include legislation that either strongly encourages some form of encryption of sensitive data or, as is the case with the credit card industry's latest Payment Card Initiative (PCI) standard, formally prescribes the use of encryption.
Then there's California Senate Bill 1386, which requires that companies publicly disclose instances where they believe unencrypted personal information about California residents might have been compromised. The bill has led many companies to believe that encryption could keep them out of the headlines.
A 2004 Gartner report predicted that by the end of 2007, 80% of Fortune 1000 companies would encrypt most of their critical data at rest. "We've since updated this assumption and now predict that by the second quarter of 2006, 85% of large enterprises will have initiated encryption projects," Mogull says.
Yet statistics on the current state of encryption, show surprisingly low current adoption rates. Research conducted by the Enterprise Strategy Group (ESG) showed that 60% of respondents never encrypt back-up data going to tape (see graphic, below). A March report on database security by Noel Yuhanna, a senior analyst, also showed only four of the 24 companies surveyed used encryption of data at rest (see graphic, right).
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment