Survey: UK biz is using more encryption
But users still shove unprotected USB sticks in holes...
Despite a run of high-profile security breaches, almost half of UK corporate laptops remain unprotected against theft and data loss, according to a survey of British businesses published on Thursday.
Only 52 per cent of 320 UK public and private sector IT managers polled in the survey use data encryption on their corporate laptops. Half (50 per cent) fail to protect removable media (USB sticks and DVDs).
The study, commissioned by corporate network and device security firm Check Point, showed that data encryption usage on UK business laptops has grown significantly in the past year. Laptop encryption up 12 points from 40 per cent last year to 52 per cent this year. Consumerisation of IT, the trend where workers use their own smartphones or computers at work as an alternative to using more staid corporate-supplied kit, emerged as a key concern among survey participants.
Only 17 per cent of the organisations quizzed said they insisted on deploying security on personal devices used for work purposes. A further 42 per cent restrict access to corporate networks to corporate devices only. Many of those quizzed (42 per cent) worked for organisations with no security policy in the area.
A substantial minority (13 per cent) of those quizzed reported a breach due to a lost or stolen laptop and a further 7 per cent reported a lost or stolen USB stick or removable storage device. Around one in 12 (8 per cent) reported a breach from an email being accidentally sent to the wrong recipients. Only a third (32 per cent) of those quizzed used data-leak prevention, a type of security technology sold by Check Point and other vendors as a means to prevent just this type of rogue email mishap.
A laptop encryption growth rate of 12 points over just a year sounds like great progress to us, suggesting that deployment of the long-established technology has stepped up a gear. Check Point's UK boss still isn't satisfied with these results however, describing the rate of growth as "slow".
Terry Greer-King, Check Point’s UK managing director said: "It’s encouraging that more UK firms are protecting their laptops and data, but the rate of growth is slow, and nearly half of organisations still do not secure their data on portable computers and devices. At the same time, new threats such as consumerisation are emerging, and many organisations haven’t established measures to secure the use of personal laptops and smartphones in the workplace."
"These threats need to be addressed by a combination of education and technology so that organisations can protect their data, their business and their employees against the risks of security breaches,” he concluded. ®
The problem with encrypted removable media is that there is no standard whatsoever... So you end up with a small unencrypted partition containing a binary windows program that users are expected to execute in order to gain access to the data.
Not only is this completely unusable for Linux/Mac users, but in many environments you would not be able to install the software anyway. Plus it adds yet another piece of software which almost certainly won't be centrally updated and will sooner or later end up full of security holes.
USB sticks are typically only used when you want to transport data to a system which is outside of the corporate network anyway, since it would be pointless to use a usb stick when its much easier to copy data over the network... USB sticks are used when users have to take data off site, or give data to third party contractors...
Also every vendor of such devices seems to implement their own software, and i doubt much of it has been thoroughly audited, and there have been several cases in the past where such software has had serious flaws in the encryption it uses.
What's needed is a standard for encryption of removable media, so that an encrypted device can be connected to any computer and without the need to install software can be mounted upon entering of the correct key.
OK, is there a market for a small latex protector for a USB device?
Because we seem to have created one.
I wonder how Nokia Lumia's fit into this with no on-device encryption?