Slashdot Mirror

← Back to Stories (view on slashdot.org)

Only 27% of Organizations Use Encryption

Posted by samzenpus on from the here's-all-my-data dept.

An anonymous reader writes "According to a Check Point survey of 224 IT and security administrators, over 40% of businesses in the last year have more remote users connecting to the corporate network from home or when traveling, compared to 2008. The clear majority (77%) of businesses have up to a quarter of their total workforce consisting of regular remote users. Yet, regardless of the growth in remote users, just 27% of respondents say their companies currently use hard disk encryption to protect sensitive data on corporate endpoints. In addition, only 9% of businesses surveyed use encryption for removable storage devices, such as USB flash drives. A more mobile workforce carrying large amounts of data on portable devices leaves confidential corporate data vulnerable to loss, theft and interception."

3 of 175 comments (clear)

  1. Encryption drawbacks by WetCat · · Score: 5, Informative

    Using encryption has its drawbacks:
    * you must provide a meaningful key management
    * you lose speed of your machines for number crunching
    * you can easily lose data in the event of hardware corruption
    * access to data is a bit harder even for legitimate purposes
    * many systems (for example Active Directory domain controller .vs. ipsec) doesn't work well with encryption
    * skills of your systems management must be higher

  2. Re:Does anyone beiieve this number? by AliasMarlowe · · Score: 4, Informative

    I'm a consultant. I have honestly NEVER encountered any user at any company encrypting disk/usb/cd/dvd/email.

    Where I work (company has over 10^5 employees worldwide), whole disk encryption is standard on all laptops. It is uncommon on desktops, however, and not compulsory on removable devices. All remote access is always encrypted, and requires the correct encryption package and authorizations. A similar situation existed at the place I worked before (about 3.10^4 employees worldwide).

    Due to the support and policy infrastructure needed, I suspect encryption is much commoner in large organizations than small ones. How the statistics on use of encryption (TFA says 27%) are formed is another matter.

    --
    Those who can make you believe absurdities can make you commit atrocities. - Voltaire
  3. Re:Remote Desktop by fuzzyfuzzyfungus · · Score: 5, Informative

    I have to wonder how many of the outfits in TFA's little scare story fall into your category.

    Remote access to network resources via a Citrix or other terminal server setup isn't exactly uncommon and means that no data of any interest actually end up on the user's HDD. They could still have a keylogger or screen-grabber lurking; but full disk encryption wouldn't save you from that in any case.

    Frankly, unless the remote users are all on fully-managed-owned-and-issued-by-IT laptops, which are the only ones where full disk crypto is really going to be practical on any scale, a terminal server is overwhelmingly easier to set up and run. "Go to our website, click here, receive desktop" is a far simpler instruction than "Establish a VPN connection, now connect to our fileserver to access your documents, now configure your email client, now do all the other little things that would happen automagically if you were on a machine we had set up. Oh, you'll probably be asked for your credentials 10 times or so, because your machine isn't bound to our domain."