Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers to the adoption of data encryption solutions.

One of the key points of discussion for this session was the fact that many things are changing in the market today. What was once a very stable market historically is now experiencing huge changes thanks to various regulations being evaluated by government or things like cloud storage solutions. So while data storage encryption isn’t mandatory for the majority of organizations, it’s suddenly becoming a very hot topic. A great statistic presented by Gartner in this session was:

“By 2016 only 25% of enterprise located within data breach notification jurisdictions, will encrypt centrally stored personal or health data.”

Given the number breaches in the last year alone at various healthcare and other organizations, this is a staggering number. But what’s driving this is the fact many of the regulations out there aren’t mandatory… yet. The end message was that organizations really need to evaluate the various regulations and balance them against security controls and risk mitigation issues when considering how to best deploy encryption solutions.

Tying into the concept of regulations, is the impact of cloud and how that affects an organization and the data they’re storing. Many cloud providers aren’t local to a particular country and that could mean data is stored across borders and jurisdictions. What does that mean when legal protection is required? Additionally, what about countries that required specific security requirements for the privacy of data? If it’s in the cloud in another country or jurisdiction is that requirement still valid?

What it all came down to when discussing the risks and benefits is the fact that data encryption solutions offer risk mitigation. They’re like insurance in the event data is lost or stolen. They can help minimize the requirements for reporting data loss (if encrypted) and when dealing with the cloud, offer better protection than the ‘built-in’ security cloud providers offer.

Right now, the cloud is one of the most complicated issues surrounding data encryption and security. The goal should be to encrypt data in the cloud but keep keys locally with the organization. It sounds simple but it’s a tricky subject matter. We’re working to address this solution for customers and hope to be able to show off something pretty cool in the near future.

Previous Post
Emergency Services Organization Need Protection Too
Next Post
All for One

Related Posts

Talking Security at SC Congress

Last week, we attended the SC Congress in Chicago, IL and walked away a little wiser and more informed. These events are always great to get a sense of what’s happening in the industry, what customers are concerned about and…
Read more

Pre-Boot Network Authentication

Being an IT administrator can be very challanging, with many responsibilities ranging from making sure every employee has the proper working tools required to do their jobs to keeping corporate data safe. Some of the simplest tasks faced by IT…
Read more

The PC is dead, long live the PC

There’s nothing like being melodramatic at the beginning of the week. Today Gartner Inc. released the latest worldwide PC shipment numbers and it looks like things are declining. Gartner is attributing much of this decline to a shift to Tablet…
Read more

With Lost Laptops—It’s Finders, Keepers

A recent informal phone survey conducted by WinMagic should prompt the traveling professional to hold that laptop case tighter – and corporate IT teams to more closely administer policies regarding mobile device security. (more…)
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.