Feeds

Who cares about encryption?

Mobility holds the, ahem, key

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Workshop Poll Results We're used to getting a hundred or so responses from the mini-polls we run, but the 383 responses to our recent encryption survey were indicative of just how important this area is to people. In it, we wanted to gauge the gap between aspiration and reality when it comes to encryption – what you think is necessary, versus what you have in place.

Up-front it's worth reminding ourselves that online polls are self-selecting, that is, people don't tend to respond unless they have an interest in the area. In this case, it's fair to say that we're going to get a good few people with an interest in IT security in general, not to mention encryption in particular, and the results should be read with this in mind.

Before we get onto the difference between expectation and reality, let's consider what respondents told us were the drivers for encryption. As you can see in Figure 1, top of the list was compliance with regulations such as PCI. In addition, many of you are storing increasing amounts of sensitive data, and/or seeing an increasingly mobile workforce – and certain respondents are reacting to recent breaches.

Figure 1

This is interesting enough – though perhaps it doesn't tell us anything new. The tendrils of regulation are extending, the amount of data stored is growing and workers are increasingly mobile. For the record, answers to the "Other" option (not shown) tended to focus on customer pressure and perceptions, for example about reputation. We'll come back to these drivers in a moment, but for now let's look at the state of play across the sample as a whole. We can start to glean some value from this, not least in seeing where respondents felt attention should be spent (Figure 2).

Figure 2

The top three ideal-world targets for encrypting everything are, in order:

  • Data stored on notebooks used by mobile workers
  • Data stored on smartphones and other portable/handheld devices
  • Data stored on desktops/notebooks used in home locations

It's no coincidence that all three are to do with distributed/mobile working. Keep in mind the self-selection factor – so the absolute levels of response in terms of current usage will be higher than those in a balanced sample. What's more interesting is the relative gap between the ideal-world position and what's actually in place (Figure 3).

Figure 3

Looking at the delta between the ideal world and reality, clearly respondents believe that there is work still to be done across the board. The third point is how this figure relates to the first, "drivers" chart above. While compliance is seen as the top driver, the key areas where attention needs to be placed when it comes to encrypting data are all related to mobility. This is a fair indicator of how challenging the nature of the increasingly mobile workforce can be, when it comes to complying with regulations.

The executive who found himself personally responsible for a data breach when his laptop was stolen from his house may have been taken by surprise, as there is a lingering mindset that security is a central infrastructure thing. But rules and regs like PCI are not fussy about which particular part of the IT infrastructure is involved, be it a SAN in the data centre, or an SD card in a phone. It's all just IT.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.