May 4, 2011

Self-encrypting drives most effective against data breaches

With more than 82 percent of respondents reporting one or more data breaches, a new Ponemon Institute study on self-encrypting drives found that 70 percent believed that self-encrypting drives “would have had an enormous and positive impact on the protection of sensitive and confidential data.”


Data breaches cost about $214 U.S. per lost record or about $7.2 million per incident.

Ponemon’s study interviewed 517 IT practitioners in financial services, the public sector, retailing, healthcare, technology and other fields who were familiar with self-encrypting drives (SEDs).

SEDs automatically and continuously encrypt data in the drive, with most SEDs today based on a TCG specification. The study found that with software-based encryption, 40 percent of employees regularly turn it off without permission, thereby leaving data unprotected.

IT practitioners rated performance and ease of deployment as the most important aspects of encryption solutions. Sixty-four percent agreed that SEDs provide a faster set-up time, and 59 percent agreed that SEDs provide enhanced scalability in multi-drive situations.

In addition to data breach protection, respondents noted that compliance with state or federal data protection laws is the main driver for encrypting data at rest, including financial documents, employee records and customer data. Respondents note that the types of data that they encrypt include:
  • 89 percent: confidential (57 percent) and non-confidential (32 percent) financial documents
  • 52 percent: trade secrets (34 percent) and intellectual property (18 percent)
  • 41 percent: employee records
  • 39 percent: customer data.
“While self-encrypting drives are a new technology, the IT staff we interviewed believed they are more secure than software-based encryption,” noted Dr. Ponemon. “And it’s apparent that complying with the increasing number of state and federal data protection mandates is driving encryption and interest in SEDs.”

No comments:

Post a Comment