Feeds

Who cares about encryption?

Mobility holds the, ahem, key

  • alert
  • submit to reddit

Build a business case: developing custom apps

Workshop Poll Results We're used to getting a hundred or so responses from the mini-polls we run, but the 383 responses to our recent encryption survey were indicative of just how important this area is to people. In it, we wanted to gauge the gap between aspiration and reality when it comes to encryption – what you think is necessary, versus what you have in place.

Up-front it's worth reminding ourselves that online polls are self-selecting, that is, people don't tend to respond unless they have an interest in the area. In this case, it's fair to say that we're going to get a good few people with an interest in IT security in general, not to mention encryption in particular, and the results should be read with this in mind.

Before we get onto the difference between expectation and reality, let's consider what respondents told us were the drivers for encryption. As you can see in Figure 1, top of the list was compliance with regulations such as PCI. In addition, many of you are storing increasing amounts of sensitive data, and/or seeing an increasingly mobile workforce – and certain respondents are reacting to recent breaches.

Figure 1

This is interesting enough – though perhaps it doesn't tell us anything new. The tendrils of regulation are extending, the amount of data stored is growing and workers are increasingly mobile. For the record, answers to the "Other" option (not shown) tended to focus on customer pressure and perceptions, for example about reputation. We'll come back to these drivers in a moment, but for now let's look at the state of play across the sample as a whole. We can start to glean some value from this, not least in seeing where respondents felt attention should be spent (Figure 2).

Figure 2

The top three ideal-world targets for encrypting everything are, in order:

  • Data stored on notebooks used by mobile workers
  • Data stored on smartphones and other portable/handheld devices
  • Data stored on desktops/notebooks used in home locations

It's no coincidence that all three are to do with distributed/mobile working. Keep in mind the self-selection factor – so the absolute levels of response in terms of current usage will be higher than those in a balanced sample. What's more interesting is the relative gap between the ideal-world position and what's actually in place (Figure 3).

Figure 3

Looking at the delta between the ideal world and reality, clearly respondents believe that there is work still to be done across the board. The third point is how this figure relates to the first, "drivers" chart above. While compliance is seen as the top driver, the key areas where attention needs to be placed when it comes to encrypting data are all related to mobility. This is a fair indicator of how challenging the nature of the increasingly mobile workforce can be, when it comes to complying with regulations.

The executive who found himself personally responsible for a data breach when his laptop was stolen from his house may have been taken by surprise, as there is a lingering mindset that security is a central infrastructure thing. But rules and regs like PCI are not fussy about which particular part of the IT infrastructure is involved, be it a SAN in the data centre, or an SD card in a phone. It's all just IT.

Endpoint data privacy in the cloud is easier than you think

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Plug and PREY: Hackers reprogram USB drives to silently infect PCs
BadUSB instructs gadget chips to inject key-presses, redirect net traffic and more
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?