Survey: How Companies Are Securing Critical Data
SECUDE - US Full Disk Encryption
2011 Survey
Publication: March 2012
Executive Summary
The incredible growth of Information Technology over the last few decades has led to an
explosion of corporate data spread throughout an organization on corporate servers,
mobile devices, and increasingly on cloud based systems that may be managed by third
parties. In many cases, this is sensitive information and there is the potential for
corporate data to be compromised. The question is how to maintain control on this data
so that it is safe from potential abuse.
SECUDE, a global provider of IT data protection solutions, conducted a nationwide
survey in the United States in November 2011. The survey covered 209 participants
across various organizations. Eighty-eight percent of the participants were IT
practitioners.
IT Executives such as CIOs, CTOs, Directors, and VPs: 18%
IT Managers: 15%
IT technical staff or relevant: 54%
The other participants included non-IT business executives (8%) and other non-IT
business roles (4%).
This research focused on the current status of data encryption technology application
across organizations and user perception towards Full Disk Encryption (FDE) solutions.
The comprehensive survey revealed the following facts:
Fifteen percent of the organizations surveyed do not use any type of encryption
solution in their systems.
o Eighty-seven out of the 209 respondents surveyed stated that their
organizations have not implemented FDE technology. Around 60% of
them do not plan to implement it for the next two years.
Sixty-three percent of the participants stated that their organizations were using
at least two encryption technologies to protect their critical data.
The top two encryption technologies used in the surveyed organizations are Full
Disk Encryption (58%) and E-mail Encryption (46%).
FDE solution users prefer solutions that require less effort in everyday use,
such as:
o Low performance impact on computer system resources
o Transparency to end users
SECUDE - US Full Disk Encryption Survey 2011
Table of Content
Executive Summary
Key Findings
Future Adoption of Encryption Technologies
Full Disk Encryption Vulnerability Segment
File and Folder Encryption Vulnerability Segment
E-mail Encryption Vulnerability Segment
External Media Encryption Vulnerability Segment
What Organizations Are Looking For
Recommendation
Appendix
RESPONDENTS’ PROFILES
SYSTEM PROFILES
About SECUDE
Global SECUDE Locations
Key Findings
Current Adoption of Encryption Technologies: About 15% of the organizations
surveyed do not use any type of encryption solution listed in Table 1. The chart below highlights
encryption technology adoption.
Full disk encryption 58%
Email encryption 46%
Network traffic encryption 39%
File/ Folder encryption 33%
External media encryption 31%
Database encryption 25%
None of the above encryption technologies 15%
Table 1: Encryption Technology Adoption
Future Adoption of Encryption Technologies: Full Disk Encryption will be the encryption
technology adopted most over the next two years, followed by external media encryption.
The chart below depicts the percentage of encryption technology adoption.
Full disk encryption 41%
Email encryption 22%
Network traffic encryption 20%
File/ Folder encryption 25%
External media encryption 31%
Database encryption 21%
Table 2: Technology Adoption Percentage
Full Disk Encryption Vulnerability Segment: Forty-two percent of the surveyed
respondents stated that their organizations have not implemented Full Disk Encryption technology.
Around 60% of them do not plan to implement it for the next two years.
Relaxed Protection (currently using FDE BUT WOULD NOT buy more within 2 years): 33%
High Risk (currently NOT using FDE and would NOT buy any within 2 years): 25%
Continuous Protection (currently using FDE and would buy more within 2 years): 25%
Potential Enters (currently NOT using FDE but would BUY within 2 years): 16%
CURRENTLY AT RISK: 42%
Figure 1: Vulnerability Segmentation (Full Disk Encryption)
File and Folder Encryption Vulnerability Segment: The survey reveals that US
organizations might have a high possibility of a data breach incident at the file and folder layer. Over
55% of participants revealed that their organizations did not pay much attention to this security area.
Relaxed Protection (currently using File and Folder Encryption BUT WOULD NOT buy more within 2 years): 20%
High Risk (currently NOT using File and Folder Encryption and would NOT buy any within 2 years): 56%
Continuous Protection (currently using File and Folder Encryption and would buy more within 2 years): 13%
Potential Enters (currently NOT using File and Folder Encryption BUT would buy within 2 years): 11%
CURRENTLY AT RISK: 67%
Figure 2: Vulnerability Segmentation (File and Folder Encryption)
E-mail Encryption Vulnerability Segment:
Relaxed Protection (currently using E-mail Encryption BUT would NOT buy more within 2 years): 35%
High Risk (currently NOT using E-mail Encryption and would NOT buy more within 2 years): 42%
Continuous Protection (currently using E-mail Encryption and would buy more within 2 years): 11%
Potential Enters (currently NOT using E-mail Encryption BUT would buy more within 2 years): 12%
CURRENTLY AT RISK: 54%
Figure 3: Vulnerability Segmentation (E-Mail Encryption)
External Media Encryption Vulnerability Segment:
Relaxed Protection (currently using External Media Encryption BUT would NOT buy more within 2 years): 21%
High Risk (currently NOT using External Media Encryption and would NOT buy within 2 years): 48%
Continuous Protection (currently using External Media Encryption and would buy more within 2 years): 10%
Potential Enters (currently NOT using External Media Encryption BUT will buy within 2 years): 21%
CURRENTLY AT RISK: 69%
Figure 4: Vulnerability Segmentation (External Media Encryption)
What Organizations Are Looking For:
All participants were asked to rate how important every feature is for them when choosing a Full
Disk Encryption solution for their organization. They rated based on a 7-point scale that ranged from
‘Not at all important’ to ‘Extremely important’.
Surprisingly, the study found that IT security solution users in the US tend to value core benefits or
features that involve day-to-day interaction (red dot circle - - - -). This finding is in contrast to the
benefits and features that are marketed extensively, such as easy management and additional
security layers that IT security vendors promote.
The following charts highlight usage preferences under the categories:
GENERAL IMAGE (Very important / Extremely important)
Existing relationship with vendor: 13% / 10%
Vendor image/ knowledge: 27% / 16%
Certifications (FIPS, Common criteria): 26% / 14%
Price/ Good value for money: 33% / 34%
USABILITY (Very important / Extremely important)
Offline helpdesk: 19% / 16%
Transparency to end-user (little/ no user …: 35% / 39%
Single sign-on to operating system: 33% / 25%
Flexible authentication mechanisms: 27% / 14%
PERFORMANCE (Very important / Extremely important)
Quick initial encryption: 23% / 14%
Ability to use the system during initial encryption: 22% / 19%
Low performance impact in day to day use: 32% / 44%
SECURITY (Very important / Extremely important)
Support Self-Encrypting Drives: 30% / 13%
Secure Wipe/ Delete/ Erase: 33% / 24%
Two-factor authentication: 29% / 10%
MANAGEMENT (Very important / Extremely important)
Integration into third party management consoles: 18% / 11%
Remote deployment and configuration: 31% / 20%
Central management console: 28% / 25%
Reporting and auditing: 30% / 20%
Recommendation
Enterprises are aware of the options available to protect data but few have taken the necessary
steps in the area of Full Disk Encryption. While some have taken this step, an alarming number of
enterprises have not encrypted their laptops and may potentially suffer from a breach when those
laptops are lost or stolen. This will inevitably lead to damage to their brand and reputation as well
as fines and lawsuits which may be in the millions of dollars whether or not there was any harm
done with the lost data. In order to protect corporate data and to comply with legislation in many
states, companies should review their security policies and take the basic first step of encrypting
their laptops through Full Disk Encryption.
Appendix
RESPONDENTS’ PROFILES
Slightly more than half (51%) of the participants were from organizations with more than 1,000
employees.
Organization size (%)
1 - 50 employees 13%
51 - 200 employees 22%
201 - 500 employees 8%
501 - 1,000 employees 6%
1,001 - 5,000 employees 20%
5,001 - 10,000 employees 5%
10,001+ employees 26%
Nevertheless, more than half (59%) of them were working in industries that dealt with massive
personal records or required strong information security.
Vertical Industry (%)
Information Technology 21%
Manufacturing & Construction 11%
Finance/ Insurance 12%
Education 12%
Services 10%
Healthcare 8%
Government Dept/ Agency 6%
Aerospace/ Defense/ Transportation 8%
Utility/ Energy 3%
Consumer Goods 3%
Others 5%
SYSTEM PROFILES
In the United States, Dell is the most popular laptop brand in use, followed by HP and IBM.
Nearly one third of the companies use Apple.
Popular Laptop Brands (%)
Dell 74%
HP 47%
IBM/Lenovo 45%
Apple 33%
Toshiba 13%
Sony 8%
Acer 5%
Windows 7 and Windows XP are the two most popular operating systems.
Operating Systems (%)
Windows 7 88%
Windows XP 88%
Windows Vista 23%
Windows 2000 18%
Linux flavor 35%
Mac OS X Leopard 18%
Mac OS X Snow Leopard 26%
OSX Lion 20%
Unix flavor 28%
About SECUDE
SECUDE is an innovative global provider of IT data protection solutions.
The company was founded in 1996 as a collaboration between SAP AG and the Fraunhofer Institute
in Germany to develop security solutions.
In early 2011, SECUDE sold its business application security solutions to SAP AG in order to
refocus on its core competencies: Endpoint Security. SECUDE helps customers protect their
sensitive data against loss and theft and maintain compliance with various laws and
industry regulations.
Since December 2011, SECUDE has been a member of the SAP® PartnerEdge™ program and a Value Added
Reseller (VAR) channel partner of SAP Deutschland AG & Co. KG, and since February 2012 also a
channel partner of SAP (Schweiz) AG. As an SAP VAR, SECUDE offers customers sale of licenses
as well as consulting and implementation services for SAP NetWeaver® Single Sign-On, besides its
own solution portfolio.
Today SECUDE employs over 75 qualified staff and has the trust of a large number of Fortune
500 companies including many of the DAX-listed companies.
SECUDE has offices in Europe, North America and Asia.
For further information please visit www.secude.com and/or contact us on online@secude.com
SECUDE AG
Bergegg 1
6376 Emmetten, NW
Switzerland
Phone: +41 (0) 44 575 1900
Fax : +41 (0) 44 575 1975
Copyright SECUDE AG 2012
SECUDE is a registered trademark of SECUDE AG. Microsoft is a registered trademark of the Microsoft Corporation. Other
product and company names mentioned herein serve for clarification purposes and may be trademarks of their respective
owners.
Global SECUDE Locations
Germany | India | Switzerland | USA | Vietnam
RESEARCH DISCLAIMER
As with all survey research that involves humans, this research too has certain inherent limitations that need to
be considered before drawing inferences from the findings.
Non-Response: The findings of this survey are based on a finite sample of survey responses.
Survey invitations were sent to a representative sample of IT and non-IT related business functions. Most
of the surveyed entities contributed qualified responses.
Sampling-Frame: Accuracy of the survey is based on valid contact information and the percentage of IT and
non-IT representatives across business disciplines. The results may be biased by external events. As
SECUDE conducted the survey over the Internet, it is possible that non-Web responses (mailed survey
responses or telephone calls) may have drawn different results.
Self-Reported Results: The quality of the survey is based on the integrity of confidential responses
received from respondents. Despite the incorporation of checks and balances in the process, it is possible
that certain subjects may have provided untruthful or qualitatively incomplete responses.