Disk encryption up - but tape still lags
More than a third of organisations still do not know if they will encrypt their backup tapes, and half do not know where they would store their tape backup encryption keys, according to the latest ‘Encryption and Key Management Benchmark Survey’ from Thales.
The survey indicates that the long list of data loss headlines, coupled with compliance pressures, is driving organisations to encrypt more applications than ever before. Web sever and SSL encryption top the list, with 94 per cent being encrypted, followed by desktop file and email encryption, along with full disk encryption.
Yet tape backup encryption comes only 11th in the list, below USB and mobile device encryption, potentially leaving a major hole in enterprise data protection strategies. This is evidenced by the many recent data losses, Thales claims, including 15,000 patient records stolen after a thief took unencrypted computer tapes from a doctor's surgery in the UK, and 650,000 J.C. Penney customers in the US were put at risk when an unencrypted backup tape was lost.
The survey shows that the difficulty of key storage and management remains a major barrier across all encryption applications. When asked where encryption keys would be stored, more than 40 per cent of respondents answered ‘don't know’ for seven out of 13 encryption applications. When respondents did know where they would store their keys, the most popular answer was ‘in software on disk’.
The cost of data recovery and lost business were at the top of respondents' lists when it comes to concerns over lost or compromised encryption keys, with compliance only in third place. With real concerns about issues such as backing up and revoking or terminating keys to prevent unauthorised access to data, 69.3% of respondents said that they would chose to use automated and centralised key management systems as opposed to manual processes.