43% of management claim to have been denied access to information because they can't find their encryption keys
A third of survey respondents said that their knowledge of and access to encryption keys and certificates, used for both system authentication and data protection, means they could bring the company to a grinding halt with minimal effort and little to stop them. This is due to lack of oversight and poor management of their organisation's encryption keys.
Astonishingly they claim that even after they have left they still could cause havoc with their knowledge of the encryption keys, shared passwords and weak controls. 40% of respondents admitted that they would still have access to vital information and could manipulate it to their own ends-both to their company's financial and reputational detriment.
31% of respondents astonishingly said that they could still access organisational data because they could easily retain the encryption keys when they left and access the information remotely. Finally, 24% of respondents to the survey admitted that their fear of losing encryption keys is what is deterring them from investing in encryption key and certificate solutions to protect digital assets and secure sensitive system communications.
Survey respondents would use an automated solution to encryption key management - if they knew it existed The survey shows that 82% of companies now use digital certificates and encryption keys, however, 43% admit to being locked out from their own information-because people have left the organization or keys are lost-and 76% would use automation if they knew it existed. These same companies are unaware of how to manage their keys and certificates, leaving them exposed to unplanned system outages, security risks and reduced access to critical data.
Jeff Hudson, Venafi CEO, said: "It's a shame that so many people have been sold encryption but not the means or knowledge to manage it. They have found out the hard way-after being locked out from their own information-that they need an automated solution to manage the thousands of keys and certificates they have. Once the data's protected with encryption, the key becomes the data and the thing that must be managed and protected. Key Encryption is only half the solution. IT departments must track where the keys are and monitor and manage who has access to them. What this survey reveals is that organisations need to quickly come to terms with how crucial encryption keys are to safeguarding the entire enterprise as well as the heightened need for automated key and certificate management with access controls, separation of duties and improved polices. It's no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management. There are some great solutions on the market that can manage and automate these assets at a click of a switch."
This data is based on a survey sample of 500 IT security specialists taken at the InfoSecurity 2011 event in April this year. The full survey results set and executive summary can be viewed at: www.venafi.com/InfoSecurity-data.
Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class platform to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys-from the desktop to the datacenter-built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.
Venafi and the Venafi logo are trademarks or registered trademarks of Venafi. All other company and product names may be trademarks or registered trademarks of their respective companies.