Emerald Business Systems Blog

Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet Most Organizations Still at Risk

Posted in Uncategorized by ebs4pos on October 30, 2009

Business & Finance
Oddly Enough
Special Coverage
Your View
The Great Debate
Reader Feedback
Do More With Reuters
Your View
Make Reuters My Homepage
Partner Services
Affiliate Network
Professional Products
Support (Customer Zone)
Reuters Media
Financial Products
About Thomson Reuters
Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet Most Organizations Still at Risk
Tue Oct 20, 2009 9:15am EDT

Email | Print |
| Reprints | Single Page
[-] Text [+]
Featured Broker sponsored link

Study Finds Protecting Credit Card and Patient Data Drives IT Spending Yet
Most Organizations Still at Risk
Less than half encrypt backup tapes, full disks and databases while nearly 20
percent said they would wait for a data breach before they encrypt tapes

SAUSALITO, Calif., Oct. 20 /PRNewswire/ — Trust Catalyst, a research firm
helping companies build data protection strategies that strengthen customers’
trust — today announced the findings of its second annual 2009 Encryption and
Key Management Benchmark Report which surveyed more than 600 IT security
professionals and was sponsored by Thales.

The study found 41 percent surveyed encrypt backup tapes, 43 percent encrypt
databases and 49% encrypt full disks, despite the growing number of new
industry, state and national data protection regulations. While participants
indicated the protection of health care and credit card data was driving
future IT spending, 19 percent said they would wait for a data breach before
they would encrypt tapes. This data left unprotected in databases and backup
tapes causes these organizations to be at higher risk for a data breach.

The study revealed the primary obstacles preventing organizations from
encrypting these applications were due to concerns about cost and data
availability. Once data is encrypted, participants fear they could lose this
data or it would not be available when it was needed causing a business
disruption even though twice as many surveyed admitted to a data breach than
losing data because of a lost encryption key.

“Given the nature of new data breach regulations, organizations no longer have
the luxury of time to wait and encrypt credit card and healthcare data because
of data availability concerns,” said Kimberly Getgen, Principal of Trust
Catalyst. “With less than 50 percent of participants encrypting backup tapes
and nearly 20 percent of respondents saying it would take the pain of a data
breach to get their organization to reverse their decision, too many
organizations, customers and patients are needlessly at risk.”

Here are some of the study’s key findings:

— Patient and Credit Card Data Protection Drives IT Budgets. 53.9
indicated they were allocating budget for PCI DSS, 28.9% for HIPAA and
22.4% for the EU Data Privacy Directive. HIPAA was the number one
allocator of new budgets for US participants.
— Cost of encryption remains top concern. Participants express that
remains the single most important factor preventing data that “should”
be encrypted from being encrypted. Over half cited the cost of the
encryption solution (26%) or the cost of managing the encryption
solution (25%) as their primary obstacles for being able to bring
encryption into their organizations where it is needed most.
— Operational concerns delaying encryption projects. The decision to
postpone encryption is often because operational efficiencies like
availability of data and performance are seen as more important than
data protection. For example, when asked specifically about what was
preventing them from encrypting databases, it was the complexity of
managing keys that was identified as the primary obstacle preventing
participants from encrypting backup tapes (24%). Here, participants
said availability was far more important than confidentiality.

— Cloud computing not ready for prime time. 52.1 percent of
cite data security concerns as being the number one barrier preventing
their organization from adopting cloud computing. 42.6 percent of
survey participants said they were not currently planning on moving to
the cloud while another 46.5% said they would wait until data is
encrypted before moving. 58.8 percent said they would want to manage
their own encryption keys if encrypted data was moved to the cloud.

The full 2009 Encryption and Key Management Benchmark report can be downloaded
from http://www.trustcatalyst.com/2009EncryptionSurvey.php


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: