Enterprise encryption trends in the UK

PGP Corporation announced the results from a second annual study by The Ponemon Institute identifying key areas of focus in enterprise encryption usage, planning strategies, budgeting and spending, deployment methodologies, and impact on data breach incidents. The key findings of the 2008 Annual Study: U.S. Enterprise Encryption Trends demonstrate organisations continue to move towards a more strategic approach to encryption including a larger focus on key management, especially those companies identified as having the most effective IT organisations.

The study also shows that 60 percent of organisations surveyed suffered at least one data breach over the last 12 months with 28 percent of organisations suffering two to five breaches during the same time period. However, an emerging trend appears to show that organisations with an enterprise encryption strategy lowering the rate of data breaches. This demonstrates that an encryption strategy, especially one implemented across the enterprise, can reduce the costs and brand damage associated with data breaches and likely leads to a more profitable business.

The study of nearly 650 UK-based IT and business managers, analysts and executives (51 percent at the director or VP level), identifies a new trend that shows organisations with a more strategic, enterprise-wide approach to encryption have experienced fewer data breaches. In response to increasing demands for data security, 15 percent of organisations surveyed now have an encryption strategy applied consistently across the organisation, up from 9 percent in 2007.

Other key findings in this year’s research include:

• Encryption use across multiple applications grows. Respondents reported the consistent encryption of laptops, emails, file servers, and backup tapes increased. In the wake of publicised data breaches, tape backup encryption is the most common, with 13 percent reporting use most of the time. Laptop encryption used most of the time in organisations grew to 12%, up from 10% in 2007.
• During the last 12 months, organisations shifted their reasons for using encryption dramatically: the use of encryption to comply with privacy and data security regulations increased from just 17% of those surveyed in 2007 to 58% in 2008.
• Key management is more frequently budgeted for in 2008 as organisations seeking to reduce operational costs prefer to choose just one enterprise vendor. Organisations surveyed on average plan to spend 33 percent of their total encryption budget on key management solutions:
• 51 percent of organisations expect their key management investments to reduce the overall operational costs of enterprise data protection.
• 49 percent of organisations expect to deploy a single enterprise-wide key management solution or deploy a single vendor’s key management solution for different purposes in 2008.
• Only 24 percent of organisations are seeking a tactical key management solution for just one encryption application.

With a need to enforce policy and increase automation for key management, respondents were overwhelmingly interested in a platform approach; at least 52 percent rating five fundamental characteristics of the PGP Encryption Platform approach as important or very important. Respondents believe a platform approach enables their business to reduce expenses and improve productivity and identified these top three benefits of this approach:

• Supports development of a strategic encryption strategy (59 percent of respondents)
• Reduces operational costs (56 percent)
• Eliminates redundant administrative tasks (52 percent)

Finding that organisations with enterprise-wide encryption strategies are reducing the risk of data breaches and organisations overwhelming prefer a platform approach to encryption is significant in the evolution of data security. The increased interest in automated policy enforcement, single administration interface, and comprehensive key management continue to favour adoption of an encryption platform solution. The preference for adopting this approach to managing multiple encryption applications from a single console continues to mirror the progression seen with other important enterprise applications such as ERP and CRM.

Recent research conducted by the Ponemon Institute found the cost of a data breach in the UK to average £47 per record compromised or an average total of £1.4 million per breach.