One-third of IT security pros are sending sensitive data outside of their organisation without any form of encryption.
Despite headline-making breaches that have called attention to the importance of data encryption, nearly 36 percent of IT security professionals admit to sending sensitive data outside of their organisations without using any form of encryption to protect it, a new survey from Voltage Security reveals. “This statistic is cause for alarm, particularly given that encryption provides protection for companies against cyber criminals, competing companies and even Governments; it is the key to keeping sensitive data away from prying eyes,” said Terence Spies, CTO at Voltage Security. “Encrypting data at the source means that hackers or malicious actors will not be able to see or use the information, even if they do manage to intercept it.”
The survey was conducted at a recent European IT security exhibition by data-centric security specialist Voltage Security, and looked at the attitudes of more than 200 IT professionals towards encryption, big data security and EU data privacy regulations.
Worryingly, the survey also showed that almost half of respondents indicated that they are not de-identifying any data within their organisations. The ability to “de-identify” information, by employing standards based encryption technologies such as Format Preserving Encryption (FPE), provides very effective mechanisms to secure sensitive data, as it is used and managed at the personal and professional level. “This inherently provides an underlying foundation for data privacy, ensuring not just that the data itself is secure, but also that the information can only be accessed and used by authorised users and the specific intended recipients.” Said Spies.
Discussions surrounding data residency, lawful intercept and protecting data from advanced threats have been top of mind for many years. While recent stories shine a spotlight on the risks to data, including theft and extortion, the need to both protect data from inadvertent risk while ensuring the business isn't constrained is a clear problem every business needs to solve. “The good news is that breakthroughs in data protection in the last few years have made it possible to achieve the highest levels of security while maintaining business continuity – even across complex global enterprises,”
Explained Spies. “Our customers, who span many countries and industries, want to ensure that they are complying with all applicable laws, while not relinquishing their ability to provide the high level of protection of sensitive information that their customers demand of them and privacy mandates require. It is encouraging to see that three-quarters of those we spoke to at Infosecurity are aware of these data residency requirements and laws. Data-centric security techniques permit this fine-grained protection of sensitive information which means the protection stays with the data wherever it goes, even if it is intercepted, because it is encrypted at the source. This puts the company in control of the privacy over its data assets, while ensuring it can stay compliant with privacy regulations and keeps the business running smoothly.” concluded Spies.