Departing IT staff could cause encryption key havoc

According to key management specialist Venafi, which sponsored the survey of 500 IT professionals at last month's Infosecurity Europe show, 43% of management claim to have been denied access to information because they can't find their encryption keys.

A third of survey respondents said that their knowledge of and access to encryption keys means they could bring the company to a grinding halt with minimal effort – and with little to stop them.

This, claims Venafi, is due to lack of oversight and poor management of their organisation's encryption keys.

Many organisations, says the company, could find themselves in this position if the person responsible for overseeing vital information left, with no systems being in place to ensure that vital data they are working on can be retrieved.

Twenty-three percent of survey respondents admitted they would not be able to access their encrypted data, leaving them vulnerable to data breaches and loss.

The survey also found that 82% of companies now use digital certificates and keys; however, 43% admit to being locked out from their own information – perhaps because people have left the organisation or keys are lost – and 76% would use automation, if they knew it existed.

These same companies, claims Venafi, are unaware of how to manage their keys and certificates, leaving them open to a total lock-out from their own information.

Jeff Hudson, the firm's CEO, said that it is a shame that so many people have been sold encryption but not the means or knowledge to manage it.

"They have found out the hard way – after being locked out from their own information – that they need an automated solution to manage the thousands of keys and certificates they have", he said.

"Once the data's protected with encryption, the key becomes the data and the thing that must be managed and protected. Key encryption is only half the solution – you need to know where the keys are", he added.

According to Hudson, what this survey reveals is that organisations have to quickly get to grips with automating key and certificate management.

The keys, he explained, are crucial to safeguarding your whole enterprise. "It's no longer rocket science", he said.

What’s hot on Infosecurity Magazine?