RSA Europe: Card and healthcare protection driving encryption

But say researchers, who conducted this, the second annual survey on behalf of Thales, the data security specialist, lost encryption keys can also cause problems for organisations.

The central driver on the card front, said Thales, is the introduction of the Payment Card Industry Data Security Standard (PCI DSS) and, on the healthcare front, the US Health Information Portability and Accountability Act (HIPAA).

The international 2009 Encryption and Key Management Benchmark Survey was carried out by Trust Catalyst on behalf of Thales and found that 52% of European organisations are planning encryption projects to comply with PCI DSS.

In the US, 53% of organisations are also planning similar projects, but this time driven by HIPAA.

Interestingly, researchers also found significant IT security concerns related to cloud computing, with 52% of respondent firms saying that data security is the chief concern preventing their organisation from adopting the technology.

In addition, when asked about their own firm's plans for cloud computing, 47% said they would not move to the cloud unless data was encrypted and another 43% said that at this time they have no plans to move to the cloud environment.

59% of the 655 respondents to the survey, meanwhile, said they would not allow encryption keys to be managed by a cloud service and just 15% would allow a cloud service to manage their keys.

Frank Greverie, Thales' vice president, said the results show clearly that two of the most important pieces of data - person's card details and their health records - are the main drivers on encryption.

Coupled with regulations designed to safeguard this data, he added that he impact of a data breach is one of the main security headaches for CEOs and IT specialists alike.

"Regulation is already playing a role in terms of tightening data security. The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail," he said.

Greverie went on to say that, against this backdrop, both regulators and industry will therefore grow to depend on encryption.

"At the same time, key management and the ability to demonstrate encryption key custody and control will become increasingly important as auditors and regulators look to validate safe harbour," he explained.

"The good news is that encryption is now significantly easier to implement and manage than in the past."

"The security industry and standards bodies have reacted quickly to the increased demand for encryption technologies over the last few years and today there are numerous examples of IT products and systems that include embedded or native encryption capabilities."

A copy of the report can be downloaded from the Thales website.


What’s hot on Infosecurity Magazine?