No one would argue that cryptography and encryption are new technologies. It was true decades ago and it is still true today – encryption is the most reliable way to secure data. National security agencies and major financial institutions have long protected their sensitive data using cryptography and encryption. Today the use of encryption is growing rapidly, being deployed in a much wider set of industry sectors and across an increasing range of applications and platforms. Put simply, cryptography and encryption have become one of the hottest technologies in the IT security industry – the challenge now is to ensure that IT organizations are equipped to handle this shift and are laying the groundwork today to satisfy their future needs.
Last line of defense for personal data
As many merchants and retailers take action in order to meet the stringent Payment Card Industry Data Security Standard (PCI DSS), the need to protect sensitive credit card data is first and foremost on their minds. This is highlighted in the recent finding by the Canadian government that the lack of proper encryption was to blame for the TJX breach that exposed at least 45 million customers' credit and debit card records. But looking more broadly the issue isn’t limited to just credit card data. In September, more than 800,000 people who applied for jobs at clothing retailer the Gap Inc. were alerted to the fact that a laptop containing personal information such as social security numbers was stolen, exposing the applicants to potential identity theft.
It is clear that the protection of personal or private data is critical to the well being of any company that stores or processes this information. Encryption has become a last line of defense for data protection because, once data is encrypted, if stolen or even simply misplaced, it is rendered unreadable without the keys to decrypt that data.
A recent independent survey conducted by industry analyst firm Aberdeen Group shows an increasing use of encryption and a growing need for centralized and automated key management.
The survey, ”Encryption and Key Management” which was co-sponsored by encryption management vendor, nCipher, found that Best-in-Class organizations (a category that Aberdeen defined as including organizations that have seen the most improvement in their IT security effectiveness over the past 12 months) demonstrated a tremendous increase in the number of applications and locations deploying cryptography in order to protect sensitive data compared with one year ago and, consequently, an increase in the number of encryption keys they have to manage.
Eighty-one percent of respondents had increased the number of applications using encryption, 50 percent had increased the number of locations implementing encryption and 71 percent had increased the number of encryption keys under management compared with one year ago.