Symantec's 2011 Enterprise Encryption Trends Survey found enterprises are securing data with encryption in more places than ever. However, the survey discovered that encryption solutions are fragmented, creating risk for organizations from the lack of centralized control of access to sensitive information and disrupting critical processes such as e-discovery and compliance monitoring. In fact, the inability to access important business information due to fragmented encryption solutions and poor key management is costing each organization an average of $124,965 per year.
2. Methodology
• Survey Performed by Applied Research
• 1,575 organizations worldwide
• Mid-market and Enterprise
(500 employees or more)
• C-level, tactical management,
strategic management
• Cross-industry
2
3. Key Findings
• Encryption use growing rapidly but fragmented
• Use of encryption in rogue projects
• Concerns about key management
• Encryption point product issues costing enterprises
3
4. Encryption Use Growing Rapidly
• 48% of enterprises increased their use of encryption over past two years
• 43% of data is encrypted at some point in its lifecycle
• Typical organization has 5 different encryption solutions deployed
5. Use of Encryption in Rogue Projects
• One third say unapproved encryption somewhat to extremely frequent
• Half have seen serious issues with encryption keys
– 34% have lost a key
– 32% have had a key fail
– 26% had former employees who refused to return keys
6. Concerns About Key Management
• 40% less than somewhat confident
they can retrieve keys
• 39% less than somewhat confident
they can protect against disgruntled
employees
7. Encryption Point Product Issues Costing Enterprises
• All incurred costs from encryption key issues:
– 48% report inability to meet compliance requests
– 42% report fines due to inability to respond to eDiscovery requests
– 41% report inability to access important business information
– 39% report brand damage
– 34% report having to expend IT resources
• Average loss: $124,965
8. Recommendations
• Understand and anticipate the lifecycle for encryption processes
• Plan a data recovery process that meets your organization’s needs
• Build a plan for consistent enterprise-wide encryption and key management
• Encrypt assets before a data breach
• Anticipate the need to encrypt data stored outside of the enterprise