Encryption experts
universally lament that it’s not the cryptography that makes encryption hard; rather,
it’s keeping track of the keys and all the different encryption software that
causes heartburn.
Now, Symantec is offering
some data to reassure channel partners that it’s not just their imagination. In
its 2011 Enterprise Encryption Trends Survey, Symantec found that poor
key management and fragmented encryption solutions cost organizations an
average of $124,965 per year.
"While many
organizations understand the importance of encrypting their data, issues with
key management and multiple point products can give them inconsistent
visibility into what has been protected," said Joe Gow, director, product
management, at Symantec.
Conducted by Applied Research,
the study is based on a survey of 1,575 C-level, tactical management and strategic management
stakeholders within enterprise organizations worldwide.
The study found that while
encryption use expands, management continues to splinter. Nearly half of the enterprises
surveyed reported that they’ve increased their use of encryption over the last
two years. The average organization has five different encryption solutions
deployed and encrypts at least half of its data at some point in its lifecycle.
And this growth spurt isn’t exclusive to IT-approved projects. About one-third
of the survey participants said that unapproved encryption deployments are
happening at their organizations on a somewhat to extremely frequent basis.
Unsurprisingly, this has
lead to numerous headaches with regard to the management of encryption keys.
More than half of organizations polled report having experienced serious
encryption-key issues.
One key management concern
is that keys will be lost, rendering data unusable. About 40 percent of
organizations reported that they are "less than somewhat confident"
they can retrieve all their encryption keys. More than one-third of
organizations report having lost keys, and just under a third have experienced
key failure.
Another big concern is that
keys are not protected from malicious insiders. Less than 40 percent say that
they are "less than somewhat confident" they can protect access to
business information from disgruntled employees. And more than a quarter of
organizations have had former employees who have refused to return keys.
The results point to a
greater need for organizations to take a more programmatic approach to
encryption. And channel partners can be valuable advisers for companies looking
to incorporate encryption solutions.
"Over time, many
enterprises have acquired a variety of encryption solutions that were deployed
in response to compliance and security mandates. Whether it is built-in
encryption provided by an Oracle or Microsoft SQL Server database, or a third-party
encryption product, few companies consider the management and operational costs
of maintaining these separate islands of encryption," said Todd Thiemann,
senior director of product marketing for encryption vendor Vormetric.
"One of the biggest
challenges is key management. Service providers are uniquely positioned to help
customers streamline key management that involves different technology
platforms. With the accelerating adoption of encryption across all industries,
this is a growth market for channel partners," he said.