Encryption and user access management drives business needs to meet compliance and data breach mitigation

Regulatory compliance and data breach mitigation are the two overbearing factors driving organisations to deploy encryption technologies.

New research by Symantec and the Ponemon Institute found that technologies such as encryption are most frequently earmarked for budget spending, with an increase of nine per cent from last year's survey findings. Endpoint security solutions, including laptop encryption, were up by ten per cent from 2009, while key management for encryption solutions rose by nine per cent from 2009.

A common reason for the use of encryption is compliance with data protection and privacy regulations, also a key driver alongside mitigating data breaches. However it also found that one-third of UK organisations do not have some type of strategy for using encryption across the enterprise. This was evident recently when A4E lost an unencrypted laptop despite having a policy on encryption.

In the UK, the twin drivers of encryption technology adoption were mitigation of data breaches, cited by 40 per cent of those questioned, and compliance with privacy or data security regulations and requirements, at 39 per cent. These figures increased from 30 and 35 per cent in 2009 respectively.

Talking to SC Magazine, Jamie Cowper, principal product marketing manager for encryption and data loss prevention at Symantec, said that there is an element of more of the same, although there was a spike in multiple data breaches by a company.

He said: “It is down to companies having a better handle on data flow as and when an incident occurs and there is greater awareness over what a data breach looks like and there are remediation technologies in place. Encryption and identity and access control are being used as companies look to encrypt across the organisation, with a growth in disk encryption, encrypted USBs and key management is coming up more, which suggests that people have deployed a fair amount of encryption.

“There has been a sea change, back in 2005 you had to justify why people should encrypt and the default was not to and there were pockets of strong encryption in government, in financial services, but for the every day IT department it was not on the top ten things to do but that has changed because of data breaches. This is also seen if you buy a server it has encryption on it, if you buy a computer or a smartphone the operating system has something built in. Whatever it is, there is a bit of encryption in it.”

The survey also found that 71 per cent of UK organisations have experienced at least one breach. Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said: “Given that tough new data protection regulations mandate the use of encryption as a hedge against data breaches, enterprises are under increased pressure to invest in these technologies in order to comply.

“A string of high-profile cases involving the loss, theft and misuse of data by government agencies and businesses in the UK has driven the Government to make improving cyber security and particularly protection of personal information and national cyber infrastructure and sensitive data, a national priority.”

Sign up to our newsletters