64% organisations fail on cloud encryption best practices

One of the most interesting conclusions of the research is that 64% of organisations are failing to meet cloud data encryption best practices, whilst 55% are failing to meet certificate authority (CA) compromise recovery plan best practices.

The research - which is being released at the Black Hat security event in Las Vegas today - is based on information from around 420 enterprise and government agency organisations and their ranking of 12 IT security and compliance best practices.

To establish best practice baselines, Venafi says it collaborated with Echelon One, a security research firm that specialises in helping Fortune 500 organisations develop comprehensive information security programs.

The report based on the research says that the majority of organisations are failing to adhere to simple data protection standards and, in many cases, are fully unaware of what security practices are currently in place.

Bob West, founder and CEO of Echelon One, says that the findings were startling as, whilst his team suspected they would find that many organisations were challenged, they had no idea that failure rates would run this high.

"The good news is that with this information and self-assessment, organisations can see where they rank in comparison to peers", he said, adding they can also determine where weaknesses exist.

In addition, he says, organisations can identify steps they can take to significantly reduce security and compliance risks by using automated processes and data security strategies.

Delving into the report reveals that organisations should be encrypting all their cloud data.

Because cloud applications such as Salesforce.com and Google Apps do not encrypt by default, the report recommends that organisations deploy third-party technologies that encrypt cloud data in motion and at rest in order to enhance their security and privacy.

Another interesting recommendation is that organisations rotate their SSH keys every 12 months in order to mitigate the risk incurred by the average employee life cycle of two years of service.

According to Jeff Hudson, Venafi's CEO, the biggest security struggle organisations face today is managing the unknown - aka the unquantified and unmanaged risks.

"Your best security assets can easily turn into liabilities if not managed properly", he said, adding that if this research demonstrates anything, it is that IT and security departments must attain greater visibility over all of their security and compliance activities.

They must also, he explained, take steps to better understand and manage their security and compliance activities.
