News
Encryption Costs a Fraction of Value to Global Companies
August 2012 by WinMagic Inc. and Ponemon Institute
According to the recent WinMagic Inc. and Ponemon Institute survey into the cost of ownership of full disk encryption, the costs of encryption is a fraction of the value it provides to businesses around the world. The results of the findings are welcomed by Colin Tankard, Managing Director of data security company, Digital Pathways.
Tankard has been ‘banging the drum’ in favour of employing robust encryption across all data platforms for many years.
“In today’s world we need to consider all forms of data and not just flat files such as documents on laptops. There are databases, media files and all other forms of structured or non-structured data within an enterprise. All contain sensitive data. The encryption solution needs to straddle many operating systems including HP-UX, AIX and all the versions of Linux, to provide a common form of security policy transparently,” says Tankard.
Tankard accepts that encryption can be expensive, especially in terms of administration but he says the answer is to apply a solution that is totally transparent to the application and the type of data. This means it can be easily installed in an enterprise of any size without the need to change the way applications or users work.
“This is really important if the application is customised where the actual application code needs to be altered to work with encryption” comments Tankard. “You can see how this type of encryption would take a lot of looking after as any change to the application might mean a change to the encryption.
“ Ease of use means less need for technical support which saves money. Also, if the solution is non invasive to the authorised users, they will not call on the help desk when they have an encryption problem.
“ Key management is very time consuming and so can be costly on support resources so having central management rather than managing multiple systems all with different interfaces and ways of working is sensible.”
Of course, encryption alone is not good enough as it protects only against the physical theft of a device or storage media. What is needed is application and or user access control linked to the encryption that allows the data owner to decide who can view the data, or who it should be hidden from, and addresses the tricky issue of system administrators who need to know the data is there but should not be able to read it. Encryption should be all about separation of duties.
Similarly, security should not only be deployed in one area, i.e. laptops, it should be wide spread and in multiple layers, encryption is the starting point and should not be considered as a last minute throw in and hope it works. And if you don’t have the knowledge or resources to install and manage an effective encryption strategy consider using an encryption managed service provider who can handle all your data protection needs and give you sound advice on how to protect your digital assets.
“This survey, once again, shows the necessity for and the cost effectiveness of, deploying robust encryption systems. Encryption provides not only security and peace of mind but good returns on investment too. Lets hope its findings are heeded by those in businesses responsible for data over all mediums and levels.”
