One of the most recognized and mandated security controls, installed encryption protects only 4 percent of breached files; survey shows 68 percent of organizations are concerned about the lack of control over their files as they travel outside of the network and only 26 percent have the ability to locate and revoke access quickly
PALO ALTO, Calif. – January 15, 2019 — VERA, a leading next-generation data security company today announced its latest research report “The State of Enterprise Encryption and How to Improve It” revealing the challenges organizations face achieving data protection performance and returns on their deployed encryption technology. The report reveals stark numbers behind the mounting toll of data breaches triggered by cybercrime and accidents. One of the most recognized and mandated security controls, installed encryption tools protect just four percent of breached files. Meanwhile, the report reveals that compliance-focused mindsets and perimeter-driven encryption deployments keep organizations’ encryption investments fundamentally misaligned with how employees and business partners use crown jewel data.
In partnership with UBM, VERA surveyed cybersecurity and IT decision-makers at North American organizations across healthcare, finance, government and other industries to understand how enterprises value and use encryption and access control technologies. Sixty-one percent of respondents believe compliance drives the need for encryption, not users’ data protection, heightening the disconnect between encryption and security. Conversely, in order to ensure the security of files that are distributed or shared, 41 percent of companies resort to banning the use of file-sharing sites, hindering productivity and collaboration.
“Our report confirms what security, privacy and risk professionals are realizing – the speed and scale of how data moves across fluid organizations and their partners today is the biggest factor upending data protection,” said Carlos Delatorre, Chief Executive Officer at VERA. “In the current post-cloud, collaborative environment, organizations must secure and protect data throughout its entire lifecycle. Always-on file security enables them to do that seamlessly, effectively while remaining compliant with regulations. The news is not all bad – organizations reorienting operations around more collaborative cloud and mobile fabrics are at a crossroads where they can capitalize on these changes to seamlessly add far more effective visibility and access controls.”
Highlights from VERA’s report include:
• Almost two-thirds of respondents rely on their employees to follow security policies to ensure the security of distributed files, yet 69 percent are very concerned about their lack of control when files are sent outside of the network or placed in cloud collaboration.
• Only 35 percent of respondents build encryption into security processes and procedures across the board, while others cite difficulties with deploying encryption properly as the reason it is deprioritized.
• Digital rights management is only used by 26 percent of respondents, with antivirus predominantly seen and used as the main preventative security technology.
VERA’s Recommendations for IT and Security Teams:
• Follow the workflow to find hidden data exposures: Encryption mechanisms often cannot keep up with data and users’ changing roles. Study how employees actually use data to pinpoint areas where encryption cannot reach, or is disabled out of necessity.
• Resist “attack only” thinking: Well-meaning employees who make mistakes outnumber malicious threats in most organizations, yet exotic malware in the headlines can skew cyber risk thinking to focus on distracting “What if?” attack scenarios rather than building in visibility to help employees and managers contain accidental data spills and enforce policies.
• Align resources to cohesively tackle cloud, mobile and third-party forces: Multiplying mobile devices and business partners present a dizzying array of new places data must travel. However, routing this data access through approved cloud and other centralized services helps IT, security and business leaders restore visibility and consolidate control by infusing these platforms with embedded encryption and access controls over files.
Meet with VERA at RSA Conference 2019
•VERA experts will be meeting with customers, partners and other attendees at RSA Conference, March 4-8 at the Moscone Center in San Francisco.
•Contact [email@example.com] to arrange a meeting and visit VERA’s booth, #2260, South Expo Hall
VERA is a next-generation data security company enabling businesses of all sizes to secure, track and share any kind of data, no matter where it’s stored or located. With robust policy enforcement, strong encryption, and strict access controls, VERA’s data-centric security solution enables employees to collaborate freely while ensuring the highest levels of security, visibility, and control. For more information, visit www.vera.com.