Survey: How Companies Are Securing Critical Data

  • 344 views
Uploaded on

The incredible growth of Information Technology over the last few decades has led to an explosion of corporate data spread throughout an organization on corporate servers, mobile devices, and …

The incredible growth of Information Technology over the last few decades has led to an explosion of corporate data spread throughout an organization on corporate servers, mobile devices, and increasingly on cloud based systems that may be managed by third parties. In many cases, this is sensitive information and there is the potential for corporate data to be compromised. The question is how to maintain control on this data so that it is safe from potential abuse.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
344
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
12
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. SECUDE - US Full Disk Encryption 2011 Survey Publication: March 2012
  • 2. Executive Summary The incredible growth of Information Technology over the last few decades has led to an explosion of corporate data spread throughout an organization on corporate servers, mobile devices, and increasingly on cloud based systems that may be managed by third parties. In many cases, this is sensitive information and there is the potential for corporate data to be compromised. The question is how to maintain control on this data so that it is safe from potential abuse. SECUDE, a global provider of IT data protection solutions, conducted a nationwide survey in the United States in November 2011. The survey covered 209 participants across various organizations. Eighty-eight percent of the participants were IT practitioners. IT Executives such as CIOs, 18% CTOs, Directors, and VPs IT Managers 15% IT technical staff or relevant 54% The other participants included non-IT business executives (8%) and other non-IT business roles (4%). This research focused on the current status of data encryption technology application across organizations and user perception towards Full Disk Encryption (FDE) solutions. The comprehensive survey revealed the following facts:  Fifteen percent of the organizations surveyed do not use any type of encryption solution in their systems. o Eighty-seven out of the 209 respondents surveyed stated that their organizations have not implemented FDE technology. Around 60% of them do not plan to implement it for the next two years.  Sixty-three percent of the participants stated that their organizations were using at least two encryption technologies to protect their critical data.  The top two encryption technologies used in the surveyed organizations are Full Disk Encryption (58%) and E-mail Encryption (46%).  FDE solution users prefer solutions that require less effort in everyday use, such as: o Low performance impact on computer system resources o Transparency to end usersSECUDE - US Full Disk Encryption Survey 2011 2
  • 3. Table of Content Executive Summary 2 Key Findings 4 Future Adoption of Encryption Technologies 4 Full Disk Encryption Vulnerability Segment 5 File and Folder Encryption Vulnerability Segment 5 E-mail Encryption Vulnerability Segment 6 External Media Encryption Vulnerability Segment 6 What Organizations Are Looking For 7 Recommendation 8 Appendix 9 RESPONDENTS’ PROFILES 9 SYSTEM PROFILES 10 About SECUDE 11 Global SECUDE Locations 11SECUDE - US Full Disk Encryption Survey 2011 3
  • 4. Key Findings Current Adoption of Encryption Technologies: About 15% of the organizations surveyed do not use any type of encryption solution listed in Table 1. The chart below highlights encryption technology adoption. Full disk encryption 58% Email encryption 46% Network traffic encryption 39% File/ Folder encryption 33% External media encryption 31% Database encryption 25% None of the above encryption technologies 15% 0% 10% 20% 30% 40% 50% 60% 70% Table 1: Encryption Technology Adoption Future Adoption of Encryption Technologies: Full Disk Encryption will be the form of encryption technology that would be adopted most over the next two years, followed by external media encryption. The chart below depicts the percentage of encryption technology adoption. Full disk encryption 41% Email encryption 22% Network traffic encryption 20% File/ Folder encryption 25% External media encryption 31% Database encryption 21% 0% 10% 20% 30% 40% 50% 60% 70% Table 2: Technology Adoption PercentageSECUDE - US Full Disk Encryption Survey 2011 4
  • 5. Full Disk Encryption Vulnerability Segment: Forty-two percent of the surveyed respondents stated that their organizations have not implemented Full Disk Encryption technology. Around 60% of them do not plan to implement it for the next two years. Relaxed Protection High Risk Currently using FDE Currently NOT using BUT WOULD NOT buy FDE and would NOT buy more within 2 years any within 2 years 33% CURRENTLY AT RISK 25% 42% 16% 25% Continuous Protection Potential Enters Currently using FDE and Currently NOT using would buy more within FDE but would BUY 2 years within 2 years Figure 1: Vulnerability Segmentation (Full Disk Encryption) File and Folder Encryption Vulnerability Segment: The survey reveals that US organizations might have a high possibility of a data breach incident at the file and folder layer. Over 55% participants revealed that their organizations did not pay much attention to this security area. Relaxed Protection High Risk Currently using File and Folder Encryption BUT Currently NOT using File and Folder WOULD NOT buy more within 2 years Encryption and would NOT buy any within 2 years CURRENTLY 56% 20% AT RISK 13% 67% 11% Continuous Protection Potential Enters Currently using File and Folder Encryption Currently NOT using File and Folder Encryption and would buy more within 2 years BUT would buy within 2 years Figure 2: Vulnerability Segmentation (File and Folder Encryption)SECUDE - US Full Disk Encryption Survey 2011 5
  • 6. E-mail Encryption Vulnerability Segment: Relaxed Protection High Risk Currently using E-mail Encryption Currently NOT using E-mail BUT would NOT buy more within Encryption and would NOT buy 2 years more within 2 years CURRENTLY 35% AT RISK 42% 54% 12% 11% Potential Enters Continuous Protection Currently NOT using E-mail Currently using E-mail Encryption BUT would buy more Encryption and would buy within 2 years more within 2 years Figure 3: Vulnerability Segmentation (E-Mail Encryption) External Media Encryption Vulnerability Segment: Relaxed Protection High Risk Currently using External Media Currently NOT using External Encryption BUT would NOT buy Media Encryption and would more within 2 years NOT buy within 2 years CURRENTLY 21% AT RISK 48% 69% 21% 10% Continuous Protection Potential enters: Currently using External Media Currently NOT using External Encryption and would buy more Media Encryption BUT will buy within 2 years within 2 years Figure 4: Vulnerability Segmentation (External Media Encryption)SECUDE - US Full Disk Encryption Survey 2011 6
  • 7. What Organizations Are Looking For: All participants were asked to rate how important every feature is for them when choosing a Full Disk Encryption solution for their organization. They rated based on a 7-point scale that ranged from ‘Not at all important’ to ‘Extremely important’. Surprisingly, the study found that IT security solution users in the US tend to value core benefits or features that involve day-to-day interaction (red dot circle - - - -). This finding is in contrast to the benefits and features that are marketed extensively, such as easy management and additional security layers that IT security vendors promote. The following charts highlight usage preferences under the categories:  GENERAL IMAGE Existing relationship with vendor 13% 10% Vendor image/ knowledge 27% 16% Certifications (FIPS, Common criteria) 26% 14% Price/ Good value for money 33% 34% 0% 20% 40% 60% 80% 100% Very important Extremely important  USABILITY Offline helpdesk 19% 16% Transparency to end-user (little/ no user … 35% 39% Single sign-on to operating system 33% 25% Flexible authentication mechanisms 27% 14% 0% 20% 40% 60% 80% 100% Very important Extremely important  PERFORMANCE Quick initial encryption 23% 14% Ability to use the system during initial 22% 19% encryption Low performance impact in day to day use 32% 44% 0% 20% 40% 60% 80% 100% Very important Extremely importantSECUDE - US Full Disk Encryption Survey 2011 7
  • 8.  SECURITY Support Self-Encrypting Drives 30% 13% Secure Wipe/ Delete/ Erase 33% 24% Two-factor authentication 29% 10% 0% 20% 40% 60% 80% 100% Very important Extremely important  MANAGEMENT Integration into third party management 18% 11% consoles Remote deployment and configuration 31% 20% Central management console 28% 25% Reporting and auditing 30% 20% 0% 20% 40% 60% 80% 100% Very important Extremely important Recommendation Enterprises are aware of the options available to protect data but few have taken the necessary steps in the area of Full Disk Encryption. While some have taken this step, an alarming number of enterprises have not encrypted their laptops and may potentially suffer from a breach when those laptops are lost or stolen, This will inevitability lead to damage to their brand and reputation as well as fines and lawsuits which may be in the millions of dollars whether or not there was any harm done with the lost data. In order to protect corporate data and to comply with legislation in many states, companies should review their security policies and take the basic first step of encrypting their laptops through Full Disk Encryption.SECUDE - US Full Disk Encryption Survey 2011 8
  • 9. Appendix RESPONDENTS’ PROFILES Slightly more than half (51%) of the participants were from organizations with more than 1,000 employees. Organization size (%) 1 - 50 employees 13% 51 - 200 employees 22% 201 - 500 employees 8% 501 - 1,000 employees 6% 1,001 - 5,000 employees 20% 5,001 - 10,000 employees 5% 10,001+ employees 26% Nevertheless, more than half (59%) of them were working in industries that dealt with massive personal records or required strong information security. Vertical Industry (%) Information Technology 21% Manufacturing & Construction 11% Finance/ Insurance 12% Education 12% Services 10% Healthcare 8% Government Dept/ Agency 6% Aerospace/ Defense/ Transportation 8% Utility/ Energy 3% Consumer Goods 3% Others 5%SECUDE - US Full Disk Encryption Survey 2011 9
  • 10. SYSTEM PROFILES In the United States, Dell is the most popular laptop brand being used following by HP and IBM. Nearly one third of the companies use Apple. Popular Laptop Brands (%) Dell 74% HP 47% IBM/Lenovo 45% Apple 33% Toshiba 13% Sony 8% Acer 5% Windows 7 and Windows XP are the two most popular operating systems. Operating Systems (%) Windows 7 88% Windows XP 88% Windows Vista 23% Windows 2000 18% Linux flavor 35% Mac OS X Leopard 18% Mac OS X Snow Leopard 26% OSX Lion 20% Unix flavor 28%SECUDE - US Full Disk Encryption Survey 2011 10
  • 11. About SECUDE SECUDE is an innovative global provider of IT data protection solutions. The company was founded in 1996 as collaboration between SAP AG and the Fraunhofer Institute in Germany to develop security solutions. In early 2011, SECUDE sold its business application security solutions to SAP AG in order to refocus on the core competencies - Endpoint Security. SECUDE helps customers to protect their sensitive data against loss and theft and as well as to keep compliance to various laws and industry regulations. Since December 2011, SECUDE is member of the SAP® PartnerEdge™ program and Value Added Reseller (VAR) channel partner of SAP Deutschland AG & Co. KG and since February 2012 also channel partner of SAP (Schweiz) AG. As an SAP VAR, SECUDE offers customers sale of licenses as well consulting and implementation services of SAP NetWeaver® Single Sign-On, besides its own solution portfolio. Today the SECUDE employs over 75 qualified staff and has the trust of a large number of Fortune 500 companies including many of the DAX-listed companies. SECUDE has offices in Europe, North America and Asia. For further information please visit www.secude.com and/or contact us on online@secude.com SECUDE AG Bergegg 1 6376 Emmetten, NW Switzerland Phone: +41 (0) 44 575 1900 Fax : +41 (0) 44 575 1975 Copyright SECUDE AG 2012 SECUDE is a registered trademark of SECUDE AG. Microsoft is a registered trademark of the Microsoft Corporation. Other product and company names mentioned herein serve for clarification purposes and may be trademarks of their respective owners. Global SECUDE Locations Germany | India | Switzerland | USA | Vietnam RESEARCH DISCLAIMER As with all survey research that involves humans, this research too has certain inherent limitations that need to be considered before drawing inferences from the findings.  Non-Response: The findings of this survey are based on a finite number sample of survey responses. Survey invitations were sent to a representative sample of IT and non-IT related business functions. Most of the surveyed entities contributed qualified responses.  Sampling-Frame: Accuracy of the survey is based on valid contact information and the percentage of IT and non-IT representatives across business disciplines. The results may be biased by external events. As SECUDE conducted the survey over the Internet, it is possible that non-Web responses (mailed survey responses or telephone calls) may have drawn different results.  Self-Reported Results: The quality of the survey is based on the integrity of confidential responses received from respondents. Despite the incorporation of checks and balances in the process, it possible that certain subjects may have provided untruthful or qualitatively incomplete responses.SECUDE - US Full Disk Encryption Survey 2011 11