Enterprise Encryption Headaches Create Channel Opportunity

By Ericka Chickowski

Encryption experts universally lament that it's not the cryptography that makes encryption hard; rather, it's keeping track of the keys and all the different encryption software that causes heartburn.

Now, Symantec is offering some data to reassure channel partners that it's not just their imagination. In its 2011 Enterprise Encryption Trends Survey, Symantec found that poor key management and fragmented encryption solutions cost organizations an average of $124,965 per year.

"While many organizations understand the importance of encrypting their data, issues with key management and multiple point products can give them inconsistent visibility into what has been protected," said Joe Gow, director, product management, at Symantec.

Conducted by Applied Research, the study is based on a survey of 1,575 C-level, tactical management and strategic management stakeholders within enterprise organizations worldwide.

The study found that while encryption use expands, management continues to splinter. Nearly half of the enterprises surveyed reported that they've increased their use of encryption over the last two years. The average organization has five different encryption solutions deployed and encrypts at least half of its data at some point in its lifecycle. And this growth spurt isn't exclusive to IT-approved projects. About one-third of the survey participants said that unapproved encryption deployments are happening at their organizations on a somewhat to extremely frequent basis.

Unsurprisingly, this has lead to numerous headaches with regard to the management of encryption keys. More than half of organizations polled report having experienced serious encryption-key issues.

One key management concern is that keys will be lost, rendering data unusable. About 40 percent of organizations reported that they are "less than somewhat confident" they can retrieve all their encryption keys. More than one-third of organizations report having lost keys, and just under a third have experienced key failure.

Another big concern is that keys are not protected from malicious insiders. Less than 40 percent say that they are "less than somewhat confident" they can protect access to business information from disgruntled employees. And more than a quarter of organizations have had former employees who have refused to return keys.

The results point to a greater need for organizations to take a more programmatic approach to encryption. And channel partners can be valuable advisers for companies looking to incorporate encryption solutions.

"Over time, many enterprises have acquired a variety of encryption solutions that were deployed in response to compliance and security mandates. Whether it is built-in encryption provided by an Oracle or Microsoft SQL Server database, or a third-party encryption product, few companies consider the management and operational costs of maintaining these separate islands of encryption," said Todd Thiemann, senior director of product marketing for encryption vendor Vormetric.

"One of the biggest challenges is key management. Service providers are uniquely positioned to help customers streamline key management that involves different technology platforms. With the accelerating adoption of encryption across all industries, this is a growth market for channel partners," he said.


This article was originally published on 2011-12-01