Slashdot Mirror

← Back to Stories (view on slashdot.org)

Only 27% of Organizations Use Encryption

Posted by samzenpus on from the here's-all-my-data dept.

An anonymous reader writes "According to a Check Point survey of 224 IT and security administrators, over 40% of businesses in the last year have more remote users connecting to the corporate network from home or when traveling, compared to 2008. The clear majority (77%) of businesses have up to a quarter of their total workforce consisting of regular remote users. Yet, regardless of the growth in remote users, just 27% of respondents say their companies currently use hard disk encryption to protect sensitive data on corporate endpoints. In addition, only 9% of businesses surveyed use encryption for removable storage devices, such as USB flash drives. A more mobile workforce carrying large amounts of data on portable devices leaves confidential corporate data vulnerable to loss, theft and interception."

9 of 175 comments (clear)

  1. Remote Desktop by Anonymous Coward · · Score: 3, Interesting

    I telecommute and all my work is stored on the server I remote into.
    As I have no work stored locally there is no encryption (aside from the VPN into the server).

  2. lose the keys, lose the data ... by Anonymous Coward · · Score: 3, Interesting

    There are corporate docs using Office 2003 DRM where I work. I'm literally the only person in a multi-national company that can read the docs because I'm the only one who applied the hotfix for the expired certificate.

    IT can't or won't do it through the domain.

  3. As a road warrior I should be using encryption... by hwyhobo · · Score: 5, Interesting

    As a road warrior I should be using encryption, right? I would be a perfect candidate for it? And yet there is no way I will encrypt my laptop when I travel. The risk of losing access to the data when something goes wrong is far too dangerous to risk it. I have had problems on the road already, yet I have always managed to recover my data either from my laptop or from backups, but what happens when the decryption mechanism or the OS crashes? Carry another laptop? Carry bootable USB-based decryption tools? Sorry, too many variables, too much potential for trouble.

    It all comes down to a simple calculation - what is the mathematical probability of someone stealing my drive vs. my OS or disk crashing?(1) Anyone who has traveled knows the second far outweighs the first.

    (1) As long as it is unencrypted, you can still recover it relatively easily.

    --
    End anonymous moderation and posting on /.
  4. More then I expected. by Wizarth · · Score: 3, Interesting

    That is a larger percentage then I expected. I wonder if the statistics were collected by asking people if they used it, and the percentages were more the amount of people who knew they should be.

  5. Re:Does anyone beiieve this number? by Anonymous Coward · · Score: 1, Interesting

    I've worked for the Dutch ministry of foreign affairs, and at least my department not only didn't use encryption, but also no virus scanners, and yes, everyone was administrator on his computer. I've seen computers with sensitive data teeming with worms and viruses. (I was the guy who had to clean them up.) Truth is, people won't care about this until two things happen: 1) something goes spectacularly cataclysmically wrong and 2) the government fails to cover it up properly.

  6. Disk encryption can be very useful sometimes by vadim_t · · Score: 3, Interesting

    There's one use for encryption people don't generally discuss: tech service.

    I've been running a home server for a long time. Such systems over time accumulate years worth of mail, which will contain private data, website passwords, and so on. I personally feel uncomfortable with sending a disk containing years worth of data to a tech support department when I want to say, get it replaced under warranty. There have been a few stories about underpaid techs looking for music and porn on customers' hard drives. And if the disk is broken I can hardly erase it properly.

    So my solution:

    For servers, encrypt the disk, and keep the key in an USB drive always plugged into the server. If a disk breaks, I remove the disk, and send it for warranty replacement without worrying about the data.

    For laptops, I use Ubuntu's disk encryption. It's even better there as laptops usually don't have RAID, and may break for multiple reasons that I can't personally fix.

  7. Re:Encryption drawbacks by Anonymous Coward · · Score: 2, Interesting

    I ask, what are the tradeoffs though? Some of these factors can be mitigated. If you use Vista or Windows 7, Bitlocker recovery keys can be plopped into Active Directory.

    The factors for not having encryption are worse, and this is not factoring PCI/DSS compliance, Sarbanes-Oxley, HIPAA, CALEA, and other laws:

    * The legal liability of having records that were likely tampered with, so if there is a tax audit, there is no proof of anything that can stand in a tax court. The IRS or tax body may find that the lack of security constitutes malfeasance and assess immense fines.

    * Shareholders will band together and make a class action suit at a drop of a hat. If a company shows that it knew about the risk, but didn't deploy encryption, there will be flocks of law firms in a feeding frenzy looking for anything which could be construed as gross misconduct or failing to employ due diligence.

    * Law enforcement who is tired of chasing ID theft cases will be looking at the company to see if any criminal laws about data retention got broken. (This is mainly the EU.)

    * You can do a lot with paying ad guys for PR, but it will cost a lot more to patch up damaged reputation than having meaningful security in the first place.

    * The fees a company pays to have data recovery consultants will far, far outweigh the costs of having a security infrastructure. Yes, I have heard many bosses say, "just call Geek Squad", but for an enterprise-level meltdown, one will be looking at a huge tab, especially if business production systems are down.

    * In some countries, having a rival company or nation know who is on a business's payroll may put lives at stake, especially if someone is found to be working for an unpopular company in an unstable country.

  8. Re:As a road warrior I should be using encryption. by aclarke · · Score: 2, Interesting

    If you have sensitive customer data on your computer, by law you may be required to notify those customers if the data is lost. Or, you may decide that morally it is the right thing to do. Therefore, you also have to balance the potential bad press your company's announcement will generate based on you losing your laptop, whether or not you know that the people who stole it are going to access the data.

    Risk management is more than just the likelihood of your laptop being stolen and your data being accessed by criminals. It's about the significance of each risk as well. Given that for many people, having a laptop stolen and having to disclose that fact is a huge negative, having encryption can mitigate or eliminate that risk.

    --

    www.clarke.ca
  9. Re:As a road warrior I should be using encryption. by Anonymous Coward · · Score: 1, Interesting

    So, your data is so important that you cannot deal with losing access to it, but not so important that you won't encrypt it.

    You must be in sales. Why are you reading slashdot?