IT departments have access to the most sensitive data, even ahead of management and the board.
In a survey of 500 IT security specialists, 65 per cent of respondents acknowledged that IT departments have the easiest access to sensitive data, while data access is restricted for other key staff, including CEOs.
When asked who had the easiest access to their company's most sensitive data, 30 per cent believed it was the CEO, eight per cent said management, seven per cent the HR department and five per cent the legal team.
Meanwhile, 40 per cent of IT staff admitted that they could 'hold their employers hostage', even after leaving for another job, by withholding or hiding encryption keys, making it difficult or impossible for management to access vital data.
However, 24 per cent said that the fear of losing encryption keys was deterring them from investing in encryption technologies. Jeff Hudson, CEO of Venafi, said encryption management has become a big issue for companies worldwide, particularly with encryption being the last line of defence in protecting data against loss or compromise.
“Companies are finding out how important encryption is when they have experienced a huge data breach because they weren't using encryption, then they find out that when they deploy encryption they have another big problem, and that is managing the encryption keys,” he said.
“Encryption is only half the solution: you need to know where the keys are, and they find that the only way to manage the keys is with an automated certificate and key management system. Once the data's protected with encryption, the key becomes the data and the thing that must be managed and protected.”