Last week I attended SC Congress in New York and did a presentation talking about the results of our study with the Ponemon Institute and the cost of data encryption solutions.
It was a good event, well attended and there was great turnout at the session I presented at. What really resonated though was the nodding heads when walking through the information. Engaging the audience is always important when presenting, but getting agreement on key findings and data in general, is always refreshing if not comforting. It helps validate what we did, why we did it and why we think it’s important.
I think it’s extremely important today to dispel the myth that ‘free’ OS-bundled encryption is a sufficient solution for customers. The vast majority of the time, it’s not. I don’t think I’m alone in the belief that nothing in life is ever ‘free’ and if it is you’re getting what you pay for.
What was revealed in the Ponemon study was that when looking at the overall costs associated with data encryption and security solutions, the actual cost of a software license is a small, small factor in the overall scheme of things. In actual fact, the majority of costs associated with data encryption solutions come from time spent managing them by IT administrators and downtime experienced by users.
The fact is, while OS-bundled encryption is ‘free’ it’s no less complex than a traditional data encryption solution, but in many respects is less robust and poses more headaches than gains. These solutions tend to be very rigid offering little flexibility, specific to one OS and while claiming to be easy to use, are actually quite complex, especially from an administration standpoint.
OS-bundled encryption is great, if you need ‘good enough’ security. If you need something that is one-dimensional and doesn’t offer the flexibility most organizations require for a multi-platform environment, then it’s ideal.
We are regularly compared against these types of solutions and it’s always a challenging argument. In a world where the bottom line is king and overhead costs are trying to be reduced, the perception that you’re getting your data security for free is too compelling to pass up. It’s not until after it’s implemented that most organizations find it’s not the ideal solution and the cost of administering this ‘free’ solution is more than they could have possibly anticipated.