Slashdot Mirror

← Back to Stories (view on slashdot.org)

Only 27% of Organizations Use Encryption

Posted by samzenpus on from the here's-all-my-data dept.

An anonymous reader writes "According to a Check Point survey of 224 IT and security administrators, over 40% of businesses in the last year have more remote users connecting to the corporate network from home or when traveling, compared to 2008. The clear majority (77%) of businesses have up to a quarter of their total workforce consisting of regular remote users. Yet, regardless of the growth in remote users, just 27% of respondents say their companies currently use hard disk encryption to protect sensitive data on corporate endpoints. In addition, only 9% of businesses surveyed use encryption for removable storage devices, such as USB flash drives. A more mobile workforce carrying large amounts of data on portable devices leaves confidential corporate data vulnerable to loss, theft and interception."

9 of 175 comments (clear)

  1. Encryption drawbacks by WetCat · · Score: 5, Informative

    Using encryption has its drawbacks:
    * you must provide a meaningful key management
    * you lose speed of your machines for number crunching
    * you can easily lose data in the event of hardware corruption
    * access to data is a bit harder even for legitimate purposes
    * many systems (for example Active Directory domain controller .vs. ipsec) doesn't work well with encryption
    * skills of your systems management must be higher

    1. Re:Encryption drawbacks by KiloByte · · Score: 2, Informative

      * you lose speed of your machines for number crunching

      I think you need to review just how much time you think computers spend reading and preparing data from the hard drive. If you're in the middle of a number-crunching job, it's pretty much negligible. And besides that, most business laptop users (the target users of full-disk encryption) are trying to read e-mail and write Powerpoint slides, they aren't trying to simulate protein folding.

      For typical modern hard disk and CPU speeds, it takes about a single whole core to encrypt/decrypt the data at full bandwidth. That's definitely not a negligible loss. Business users may be not trying to run make -j like we do, but they'll still suffer significantly decreased battery life.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    2. Re:Encryption drawbacks by broken_chaos · · Score: 2, Informative

      From my experience playing with dm-crypt under Linux (on a greater-than three year old laptop, nonetheless), the speed and battery impact is surprisingly negligible for anything that doesn't constantly access the disk. Even with constant disk access, it was often less than a 'full core' of CPU utilisation. The only circumstance I can see full disk encryption, even done entirely in software, being a significant drain on performance is with a single core system or an extremely fast hard drive setup. A number of business-oriented laptops come with dedicated hardware disk encryption these days, such as some of the Lenovo offerings.

      Of course, I did tweak the system I used to a fairly significant degree -- for example, most compilation (it was running Gentoo) was done fully in RAM, thanks to tmpfs, as well as using some other laptop-mode tweaks that reduced frequency of writes. It wasn't even that I needed the data on the disk encrypted... I just did it because I could, with few downsides and the upside being some more experience with that sort of security setup (which has come in handy since).

  2. Re:Does anyone beiieve this number? by AliasMarlowe · · Score: 4, Informative

    I'm a consultant. I have honestly NEVER encountered any user at any company encrypting disk/usb/cd/dvd/email.

    Where I work (company has over 10^5 employees worldwide), whole disk encryption is standard on all laptops. It is uncommon on desktops, however, and not compulsory on removable devices. All remote access is always encrypted, and requires the correct encryption package and authorizations. A similar situation existed at the place I worked before (about 3.10^4 employees worldwide).

    Due to the support and policy infrastructure needed, I suspect encryption is much commoner in large organizations than small ones. How the statistics on use of encryption (TFA says 27%) are formed is another matter.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  3. that's because by rastoboy29 · · Score: 2, Informative

    we geeks haven't made it easier to use.

    --
    expandfairuse.org
  4. Re:As a road warrior I should be using encryption. by Radtoo · · Score: 2, Informative

    but what happens when the decryption mechanism or the OS crashes? [...]

    It all comes down to a simple calculation - what is the mathematical probability of someone stealing my drive vs. my OS or disk crashing?(1) Anyone who has traveled knows the second far outweighs the first.

    (1) As long as it is unencrypted, you can still recover it relatively easily.

    Well, I'm not sure what encryption solution you might have tried. I for one have been using first TrueCrypt and then LUKS on a laptop. It traveled far and its hard disk drive already had to be replaced twice. There never were any particular pains with encryption.

    First and most important of all, backups and encryption do not interfere. So you obviously DO backup such a laptop that may get stolen, lost, or break completely. Certainly, if you use encryption, you want to have the software needed to decrypt an encrypted partition it on your backup or a live DVD, but that's nothing that's hard to get.

    Even filewise recovery and forensics is possible on an encrypted partition, too - as long as you have the master encryption header (or similar) backed up, there's little chance for additional problems introduced by having encryption in case of a recovery.

  5. Re:Remote Desktop by fuzzyfuzzyfungus · · Score: 5, Informative

    I have to wonder how many of the outfits in TFA's little scare story fall into your category.

    Remote access to network resources via a Citrix or other terminal server setup isn't exactly uncommon and means that no data of any interest actually end up on the user's HDD. They could still have a keylogger or screen-grabber lurking; but full disk encryption wouldn't save you from that in any case.

    Frankly, unless the remote users are all on fully-managed-owned-and-issued-by-IT laptops, which are the only ones where full disk crypto is really going to be practical on any scale, a terminal server is overwhelmingly easier to set up and run. "Go to our website, click here, receive desktop" is a far simpler instruction than "Establish a VPN connection, now connect to our fileserver to access your documents, now configure your email client, now do all the other little things that would happen automagically if you were on a machine we had set up. Oh, you'll probably be asked for your credentials 10 times or so, because your machine isn't bound to our domain."

  6. While everyone is arguing over drive encryption... by barzok · · Score: 2, Informative

    thousands of businesses are using plain FTP and email to throw unencrypted files around to & from other companies daily.

  7. We use it, and it sucks by onyx00 · · Score: 3, Informative

    I work at a Fortune 100 company and we recently (1 year ago) deployed disk encryption to all laptops. It sucks honestly. You can't do image backups anymore, not to mention backups are questionable because you don't always know how the backup is being done (low level copy, file copy, etc.). Furthermore, it SLOWS compiles, etc. way way down. When you are hitting the disk a ton to compile, the encryption takes a huge toll. And finally, if something does wrong on the disk, well your data it at the hands of an IT guy they hired last week. Even worse, they won't give IT-contractors the keys to fix encryption issues, so only a limited staff can deal with disk encryption issues encountered.