Welcome!

Artificial Intelligence Authors: Elizabeth White, Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, William Schmarzo

Blog Feed Post

Second Annual Study Shows Credit Card and Healthcare Data Protection Driving Encryption Projects, But Unnecessary Risks Still Abound

Survey of Experienced IT Practitioners shows how lost encryption keys disrupt business and major security concerns stand in the way of Cloud Computing

RSA Europe 2009 Conference London, UK and Stoneham, MA – 20 October 2009: Thales, leader in information systems and communications security and data protection, announces that the Payment Card Industry Data Security Standard (PCI DSS) and the US Health Information Portability and Accountability Act (HIPAA) are driving encryption projects across industries according to the findings of the new 2009 Encryption and Key Management Benchmark Survey conducted by research firm Trust Catalyst on behalf of Thales.

Findings show that in Europe 52 percent of the organizations surveyed are planning encryption projects to comply with PCI DSS. In the US, 53 percent of the organizations surveyed are planning encryption project to comply with HIPAA. In both cases, these drivers cut across industry verticals showing the broad impact of data-specific regulations to safeguard the privacy of consumers. However, continuing the trend from the 2008 report, organizations continue to be at risk with only 43 percent using database encryption and 41 percent using tape encryption. These two data sources are at the core of every enterprise and are responsible for many of the well-publicized data breaches.

Key management is business critical, but keys are being lost and compromised

As organizations plan to tackle compliance with encryption, they are spending more time and effort on key management planning. 34 percent of respondents have now spent one year or more planning for key management issues, up from 26 percent in 2008. Driven by the demands for business continuity and availability, 49 percent of organizations indicated they must be able to recover an encrypted database in one hour or less (up from 37 percent in 2008). The application with the most time critical service level, payment processing, must be available in less than one hour for 54 percent of all surveyed. The only way to meet these business continuity and availability demands is with effective key management.

For the first time, the study shows that already 8 percent of organizations have experienced problems with a lost encryption key over the last two years. These key management errors or breaches resulted in 39 percent of these organizations losing data permanently or disrupting business operations. Overall, the most challenging aspect of key management shifted from preparing for a breach last year to the operational issue of rotating encryption keys this year. For those organizations spending one year or more on key management planning, proving compliance was the most challenging.  Both results show that organizations are still in need of automated key management to be able to meet the reporting requirements of auditors and regulators.

Doubts overshadow cloud computing

The research also revealed significant IT security concerns related to cloud computing. More than half of the respondents (52 percent) indicated data security as the chief concern preventing their organization from adopting cloud computing. In addition, when asked about their own company’s plans for cloud computing, 47 percent of respondents said they would not move to the cloud unless data was encrypted and another 43 percent said that at this time they have no plans to move to cloud computing. 59 percent of respondents would not allow encryption keys to be managed by a cloud service (26 percent were unsure) and only 15 percent would allow a cloud service to manage keys at this time.

“These results show clearly that two of the most important pieces of data – a person’s credit card details and their health records – and the regulations designed to safeguard this data are the major drivers for companies to encrypt data,” says Franck Greverie, Vice President, Managing Director for the information systems security activities of Thales. “The impact of a data breach is one of the main security headaches for CEOs and IT specialists alike and regulation is already playing a role in terms of tightening data security. The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail and regulators and industry will therefore grow to depend on encryption. At the same time, key management and the ability to demonstrate encryption key custody and control will become increasingly important as auditors and regulators look to validate safe harbor. The good news is that encryption is now significantly easier to implement and manage than in the past. The security industry and standards bodies have reacted quickly to the increased demand for encryption technologies over the last few years and today there are numerous examples of IT products and systems that include embedded or native encryption capabilities.”

The full 2009 Encryption and Trust Management Industry Benchmark Report can be downloaded at: http://iss.thalesgroup.com/en/l/Webinars/EncKeyMgmtSurveyNovember2009.aspx?sf_id=70120000000YK4F

The survey comprised of 655 experienced IT professionals from around the globe. The majority of participants in the survey hold management positions in the technology, software, financial services and government sectors. The survey was compiled during Q3 of 2009.

Notes to editor
Thales is one of the world leaders in the provision of Information and Communication Systems Security solutions for government, defence, critical infrastructure operators, enterprises and the finance industry. Thales’s unique position in the market is due to its end-to-end security offering spanning the entire value chain in the security domain. The comprehensive offering includes architecture design, security and encryption product development, evaluation and certification preparation and through-life management services.

Thales has forty years of unrivalled track record in protecting information from Sensitive But Unclassified up to Top Secret and a comprehensive portfolio of security products and services, which includes network security products, application security products and secured telephony products.

About Thales
Thales is a global technology leader for the Aerospace and Space, Defence, Security and Transportation markets. In 2008, the company generated revenues of 12.7 billion euros with 68,000 employees in 50 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners. www.thalesgroup.com

Press Contacts:
 
Liz Harris     
Thales      
+44 (0)1223 723612      
[email protected]    

Zoe Gray
Hotwire (Press Agency)
+44 (0)207 608 4641 
[email protected]

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

IoT & Smart Cities Stories
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps. In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops. Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc.
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing mo...
I spend a lot of time helping organizations to “think like a data scientist.” My book “Big Data MBA: Driving Business Strategies with Data Science” has several chapters devoted to helping business leaders to embrace the power of data scientist thinking. My Big Data MBA class at the University of San Francisco School of Management focuses on teaching tomorrow’s business executives the power of analytics and data science to optimize key business processes, uncover new monetization opportunities an...
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud workloads, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and investigation, enabling better, faster protection. With more than 6,00...