IT leaders ignoring encryption

Encryption is still regarded as difficult to deploy

European IT decision makers are still failing to adequately address information security, despite over half admitting that they suffered a security breach last year, according to new research.

Datacentre solutions provider Brocade interviewed 4,500 senior European IT leaders in the UK, France and Germany late last year. Although four out of five agreed that data security is one of the biggest challenges facing their organisation, few appear to be addressing the problem.

Seventy per cent of the companies that had suffered a breach stated that the lost data was not encrypted, even though 82 per cent agreed that encryption technologies could have mitigated the risk.

Mike Murphy, European director of marketing at Brocade, argued that organisations have shunned encryption technology principally because of its reputation as difficult to deploy and an inhibitor to performance.

"Encryption is like insurance, in that there is no tangible return on investment. But nevertheless we are starting to see budgets shift this way," he said.

Murphy also cited Gartner research published in November, which predicted that compliance pressures from 2008 through to 2010 will force all organisations to adopt best practices for encrypting sensitive information in the enterprise.

In related news, a new study by data protection firm Absolute Software found that half of business managers disable their laptop's encryption, while two-thirds either keep a written record of their encryption password, or share it with others in case they forget it.

"These statistics are especially disconcerting when combined with our recent studies demonstrating that lost or stolen laptops are the number one cause of data loss, and that three out of four companies experienced a data breach when a laptop was lost or stolen," said Larry Ponemon, founder of the Ponemon Institute, which carried out the research.