Risk Mitigation

When I attended the Gartner Security & Risk Management summit a couple of weeks ago, I attended a session about Encryption Planning Made Simple. It was a good look at some of the issues facing organizations today and the barriers to the adoption of data encryption solutions.

One of the key points of discussion for this session was that many things are changing in the market today. A historically stable market is now experiencing huge changes, driven by various regulations being evaluated by governments and by things like cloud storage solutions. So while data storage encryption isn’t mandatory for the majority of organizations, it’s suddenly becoming a very hot topic. A great statistic presented by Gartner in this session was:

“By 2016 only 25% of enterprises located within data breach notification jurisdictions will encrypt centrally stored personal or health data.”

Given the number of breaches in the last year alone at various healthcare and other organizations, this is a staggering number. But what’s driving this is the fact that many of the regulations out there aren’t mandatory… yet. The end message was that organizations really need to evaluate the various regulations and balance them against security controls and risk mitigation issues when considering how to best deploy encryption solutions.

Tying into the concept of regulations is the impact of cloud and how that affects an organization and the data they’re storing. Many cloud providers aren’t local to a particular country, and that could mean data is stored across borders and jurisdictions. What does that mean when legal protection is required? Additionally, what about countries that require specific security requirements for the privacy of data? If it’s in the cloud in another country or jurisdiction, is that requirement still valid?

What it all came down to when discussing the risks and benefits is the fact that data encryption solutions offer risk mitigation. They’re like insurance in the event data is lost or stolen. They can help minimize the requirements for reporting data loss (if encrypted) and when dealing with the cloud, offer better protection than the ‘built-in’ security cloud providers offer.

Right now, the cloud is one of the most complicated issues surrounding data encryption and security. The goal should be to encrypt data in the cloud but keep keys locally with the organization. It sounds simple but it’s a tricky subject matter. We’re working to address this solution for customers and hope to be able to show off something pretty cool in the near future.
