Feeds

Who cares about encryption?

Mobility holds the, ahem, key

  • alert
  • submit to reddit

3 Big data security analytics techniques

Workshop Poll Results We're used to getting a hundred or so responses from the mini-polls we run, but the 383 responses to our recent encryption survey were indicative of just how important this area is to people. In it, we wanted to gauge the gap between aspiration and reality when it comes to encryption – what you think is necessary, versus what you have in place.

Up-front it's worth reminding ourselves that online polls are self-selecting, that is, people don't tend to respond unless they have an interest in the area. In this case, it's fair to say that we're going to get a good few people with an interest in IT security in general, not to mention encryption in particular, and the results should be read with this in mind.

Before we get onto the difference between expectation and reality, let's consider what respondents told us were the drivers for encryption. As you can see in Figure 1, top of the list was compliance with regulations such as PCI. In addition, many of you are storing increasing amounts of sensitive data, and/or seeing an increasingly mobile workforce – and certain respondents are reacting to recent breaches.

Figure 1

This is interesting enough – though perhaps it doesn't tell us anything new. The tendrils of regulation are extending, the amount of data stored is growing and workers are increasingly mobile. For the record, answers to the "Other" option (not shown) tended to focus on customer pressure and perceptions, for example about reputation. We'll come back to these drivers in a moment, but for now let's look at the state of play across the sample as a whole. We can start to glean some value from this, not least in seeing where respondents felt attention should be spent (Figure 2).

Figure 2

The top three ideal-world targets for encrypting everything are, in order:

  • Data stored on notebooks used by mobile workers
  • Data stored on smartphones and other portable/handheld devices
  • Data stored on desktops/notebooks used in home locations

It's no coincidence that all three are to do with distributed/mobile working. Keep in mind the self-selection factor – so the absolute levels of response in terms of current usage will be higher than those in a balanced sample. What's more interesting is the relative gap between the ideal-world position and what's actually in place (Figure 3).

Figure 3

Looking at the delta between the ideal world and reality, clearly respondents believe that there is work still to be done across the board. The third point is how this figure relates to the first, "drivers" chart above. While compliance is seen as the top driver, the key areas where attention needs to be placed when it comes to encrypting data are all related to mobility. This is a fair indicator of how challenging the nature of the increasingly mobile workforce can be, when it comes to complying with regulations.

The executive who found himself personally responsible for a data breach when his laptop was stolen from his house may have been taken by surprise, as there is a lingering mindset that security is a central infrastructure thing. But rules and regs like PCI are not fussy about which particular part of the IT infrastructure is involved, be it a SAN in the data centre, or an SD card in a phone. It's all just IT.

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.