65% of Respondents Acknowledge IT Departments Have Easiest Access to Sensitive Data While Data Access is restricted for other key staff, Including CEOs
The survey also revealed that if the person responsible for managing an organisation's encryption keys were to leave, 23 percent worried that they would not have access to valuable, encrypted data. This survey follows on from Venafi's last survey, which found that 40 percent of IT staff admitted that they could hold their employers hostage-even after leaving for other employment-by withholding or hiding encryption keys, making it difficult or impossible for management to access vital data.
A third of survey respondents said that their knowledge of and access to encryption keys, coupled with their organisations' lack of oversight and poor key and certificate management controls, meant they could bring the company to a grinding halt with minimal effort and little to stop them. Organisations have deployed multi-layer defense systems designed to protect against threats from entering the network and sensitive information from leaving it, yet breaches still occur. The problem is not technology but an inability to manage technology correctly. The survey is an additional reminder that CEOs and boards of directors have not taken appropriate action to protect critical information, and that they continue to allow their IT departments to dictate what data they have access to and how easy it is to access the valuable and often regulated data.
A surprising 24 percent said that the fear of losing encryption keys was deterring them from investing in encryption technologies. This shows that recent major data breaches have almost paralysed some organisations, which are afraid to improve their IT security for fear of making things worse-or just do not trust their IT departments to handle encryption technology effectively.
"Encryption management has become a big issue for companies worldwide. Encryption is the last line of defense in protecting data against loss or compromise," said Jeff Hudson, Venafi CEO. "Companies are finding out how important encryption is when they have experienced a huge data breach because they weren't using encryption. Then they find out that when they deploy encryption they have another big problem and that is managing the encryption keys. Encryption is only half the solution - you need to know where the keys are and they find that the only way to manage the keys is with an automated certificate and key management system. Once the data's protected with encryption, the key becomes the data and the thing that must be managed and protected. What this survey reveals is that organisations have to quickly get to grips with automating key and certificate management-the keys are crucial to safeguarding your whole enterprise."
The survey is based on a sample of 500 IT security specialists taken at InfoSecurity 2011. For a summary of the findings please go to: www.venafi.com/DataAccess .
Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class platform to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys-from the desktop to the datacenter-built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages. Venafi also publishes best practices for effective key and certificate management at www.venafi.com/best-practices. Venafi customers include the world's most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.
Venafi and the Venafi logo are trademarks or registered trademarks of Venafi. All other company and product names may be trademarks or registered trademarks of their respective companies.