Data encryption is on a lot of IT pros’ minds these days. It’s also on a lot of their to-do lists. But when push comes to shove, far too few have taken the plunge and made it a priority.
Look no further than several high-profile breaches:
- 38 million unencrypted passwords stolen from Adobe last October
- Starbucks’ recent admission it stores passwords in unencrypted plain text files, and
- the grand daddy of them all, the Target/Neiman Marcus data breach.
What’s stopping encryption?
With so many convincing arguments for stronger encryption of data, what’s holding people back? A recent study by Thales eSecurity and The Ponemon Institute has some answers. It found the biggest challenges to encryption strategy were:
- Discovering where sensitive data resides (61%)
- Deploying the encryption technology effectively (50%)
- Classifying which data to encrypt (37%), and
- Obtaining the budget to deploy (24%).
Two of those issues – finding sensitive data and recognizing it – are especially crucial to the early going of a data encryption project. Without this information, knowing the scope, cost and effectiveness of a project would be entirely impossible.
You’ll want to audit and find where that data resides even if you’re not getting ready for encryption. It’s good information to have.
Cloud isn’t necessarily the answer
One solution that many have to encryption is the solution they have to every issue: Put it in the cloud. Have someone else worry about the security for you.
According to the study, 64% of respondents that currently transfer sensitive data to the cloud believe it’s the cloud provider’s job to keep that information safe. In a perfect world, that may be true.
But you’ll want to be sure your provider actually has that same sense of responsibility for data protection. Make sure the contracts clearly state who will be responsible in the event of a breach – and the steps being taken to prevent one.