There is the growing realization that encryption is good, but it’s not good enough. Encryption is only a part of the picture because it, as with many data protection technologies, is not infallible. Technology alone will never give complete protection to data. Right now, as many as 90% of data security incidents can be tied back to people: to mistakes or intentional misbehaviour. Take encryption: if your employees disable it, how can it be effective? As many as 40% of executives admitted in a 2014 study to turning off laptop encryption.
Right now, global estimates show about a third of organizations are using encryption, with more protecting data in transit than data at rest. One of the drivers increasing encryption use is the ability to avoid disclosure of a data breach if it can be proved that data was encrypted. With the average cost of a data breach now over $3.79 million, an investment in encryption can save millions of dollars.
The only way to avoid a security incident from becoming a publicly disclosed data breach is to prove the data was encrypted and remains protected. Given the high rates of encryption being badly deployed, or bypassed, we are seeing increased pressure on organizations to prove that encryption was effective. Having a comprehensive audit report on the status of encryption, which we provide with Absolute DDS, allows you to prove compliance.
While encryption could save on breach costs, does it protect against data loss? Encryption is imperfect, but does offer one layer of protection for data. At Absolute, we believe in layered defences, so that if one layer is breached (externally or by mistake), another layer is there to pick up the slack. For example, with Absolute DDS, you can remotely recover or delete data, with policies to ensure data is automatically protected in risky situations, predefined by you. So, if encryption is turned off, a device can be automatically locked.
With more endpoint devices than ever being used in the organization, the potential for ‘people’ to intentionally or mistakenly impact data security is growing. As we’ve discussed in an earlier article, "The Endpoint Is Back on the Agenda (and It’s a Huge Security Threat),” it’s imperative that you have visibility over devices that contain data or network access. Knowing where your endpoints are, what data they store, and what security tools are active and enabled helps you maintain visibility and prove compliance. Learn more about how we can help at Absolute.com