A new survey on encryption usage and trends in industry by the Ponemon Institute (sponsored by Thales e-security) finds that enterprise-wide encryption adoption is accelerating. But, as with all things, the devil is in the details.
Mark Gibbs, Azstec’s CTO, who is also a writer for Network World (as well as a lecturer extraordinaire), has just published an article in their e-magazine summarizing the Ponemon study on the use and adoption of encryption in industry. Mark points out that in the area of cloud storage, enterprises often leave the key management to the cloud supplier, which, as we have pointed out previously, is a bad idea for a whole host of reasons. I would encourage you to read Mark’s article, particularly for his take on the management of encryption keys in the cloud.
From our point of view, the good news is that encryption, at least at the enterprise level, is increasing; however, when you dive into the details there are still a number of “gaps” in usage that are particularly troubling. While the survey found that use of encryption at the enterprise level has increased to forty-one percent, many of the implementations are in areas where you would EXPECT enterprise companies to have them. While the numbers have increased over the past couple of years, it is sobering to think that even now 60% of enterprises are NOT using some sort of encryption to protect your confidential information.
Encryption use details
As you can see from the Ponemon data, the highest areas of encryption usage are in databases, laptops, internet communications, and backups. Frankly, any company that has laptops floating around or is not using secure communications to/from their website is seriously out of touch with the current reality of cybersecurity. In areas of communication (email, internal networks, and cloud) the usage was as low as 17%, which is even more shocking.
For a small business, if you follow the advice we have laid out in our 7 Cybersecurity Must-Do’s for 2016, you are well on your way to securing your company and protecting your customers’ data. Fifty percent of your risks are associated with employee mistakes, and if you address these you have reduced your risk substantially. First, implement a password manager to make sure that all website and system logins have complex and unique passwords. Second, train your employees to recognize ransomware. Finally, implement an email encryption solution that prompts your employees to verify whether an email (or its contents) should be secured prior to sending it. docNCRYPT, our premier email encryption solution, does exactly that. We also have suggestions on password managers in our article Passwords: The first line of Cyber Defense.
Security is a Process
Finally, there are lots of security threats, and threats change weekly. As Bruce Schneier has pointed out, security is a process, not a product. Security starts with being aware of the threats that may target you or your business and putting in place processes that help protect you from the inherently insecure world of computerization. All of this may seem daunting to a small business owner, but knowledge in this area starts by staying up to date, which is what we strive to do at Azstec. So drop by our Cybersecurity Center from time to time or, better yet, sign up for our newsletter, which we publish and email every couple of weeks or whenever there is a serious security threat we think you should be aware of.
When not beating the drum over password security, David Griffith is the CEO of Azstec LLC, the creators of docNCRYPT, the incredibly simple document security solution for everyone. If you have any comments or questions, email David at dgriffith [at] azstec.com and follow Azstec on the Azstec Blog, Twitter or LinkedIn.