Compliance is driving encryption within businesses.
According to the findings of the 2009 encryption and key management benchmark survey conducted by Trust Catalyst on behalf of Thales, the Payment Card Industry Data Security Standard (PCI DSS) and the US Health Information Portability and Accountability Act (HIPAA) are driving encryption projects across industries.
It found that in Europe, 52 per cent of respondents are planning to implement encryption projects to comply with PCI DSS, while in the US, 53 per cent of the organisations surveyed are planning encryption projects to comply with HIPAA.
However, organisations continue to be at risk, with only 43 per cent using database encryption and 41 per cent using tape encryption.
Franck Greverie, vice president, managing director for the information systems security activities of Thales, said: “These results show clearly that two of the most important pieces of data – a person's credit card details and their health records – and the regulations designed to safeguard this data are the major drivers for companies to encrypt data.
“The impact of a data breach is one of the main security headaches for CEOs and IT specialists alike and regulation is already playing a role in terms of tightening data security. The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail and regulators and industry will therefore grow to depend on encryption.”
However, the research also found that as organisations plan to tackle compliance with encryption, they are spending more time and effort on key management planning. A third of respondents have now spent one year or more planning for key management issues, with eight per cent of organisations experiencing problems with a lost encryption key over the last two years.
These key management errors or breaches resulted in 39 per cent of organisations losing data permanently or suffering disruption to business operations.
“Key management and the ability to demonstrate encryption key custody and control will become increasingly important as auditors and regulators look to validate safe harbour. The good news is that encryption is now significantly easier to implement and manage than in the past,” said Greverie.