When it comes to protecting a company's most sensitive data, encryption technology is usually the last line of defense. While this part of the security arsenal has been around for years, many enterprises and their IT departments are just now beginning to embrace it thanks to the increased pressure from cloud computing and big-data.
Right now, about 44 percent of all companies use or have implemented some type of encryption technology to protect their most sensitive data, according to a December 10 report from Kaspersky Labs and B2B International. The two companies polled 3,300 different IT professionals in 22 countries in July to gauge their various security policies.
The report found a significant increase in the use of encryption in the last 12 months. The reasons for that vary, but the survey seems to show that many businesses and IT departments use it as a final level of defense to protect the data at the datacenter level, especially as concerns about the cloud and big-data come into the picture. As Kaspersky notes: Even if someone has forced their way inside the corporate network, encryption can make it more difficult to access the most important information a company keeps.
In a statement that came with the report, Nikolay Grebennikov, the chief technology officer at Kaspersky Lab, noted that while encryption can reduce risks, it's not foolproof. He said:
Encryption is among the most promising technologies for reducing the risk of critical data leakage, but it's at its most effective when incorporated into a comprehensive security system for corporate IT infrastructure.
While encryption is on the upswing, it's not being implemented to its fullest extent. The report found:
- About 36 percent of IT specialists use full disk encryption or encryption of information arrays.
- Only 44 percent of IT specialists who use full disk encryption actually use the technology to protect critical data.
- About 32 percent of IT pros use encryption on external devices such as USB drives.
The reason why more companies do not use encryption is that it's particularly hard and expensive to use. However, protecting critical data is the second biggest concern of these enterprises, and that is only outranked by protecting against malware. It seems that most companies continue to invest in standard antivirus or firewall security technologies.
In fact, encryption can mean a lot for companies that want to protect their customers' data and their own data. At our sister publication, Point2Security, Hailey Lynne McKeefry blogged about how credit card companies can benefit from using encryption technology. In most cases, though, the technology is underused. (See: PCI Ignorance Epidemic Needs Encryption Cure .)
There are also more exotic forms of data encryption that have potential, but are far away from commercial use. For example, Enterprise Conversation wrote about a new breakthrough in quantum cryptography. If it works the way scientists show, this technology would eliminate the need for so-called "dark fiber," and allow datacenters to use standard cable to transmit and receive encoded data and messages. (See: Researchers Demonstrate Quantum Cryptography Over Fiber Networks.)
What are security pros using to protect their data? Is IT looking at encryption technology, or is it too complicated and costly to implement?