Ingrian(R) Networks, Inc., the leading provider of data privacy solutions, today announced results of a survey the company spearheaded earlier this year of 112 IT executives in the financial services industry. The survey, conducted by InfoTech, the market intelligence and analysis unit of Access Intelligence, shows that while encryption is being used in most financial services organizations, there is a wide-range of deployment scenarios and often times a surprising lack of confidence on behalf of IT executives in their encryption security measures.
A full 89% of respondents stated that regulatory and legislative compliance is elevating the requirement to encrypt sensitive information within their organization. Respondents indicated that the top three regulations driving this rise in encryption´s importance are Sarbanes Oxley, Gramm Leach Bliley and the Patriot Act, because encryption can be an important tool in meeting compliance guidelines. It also increases the IT executives´ overall sense of trust in protecting data-at-rest. When asked about encryption at different levels (application, database, file and disk/storage), only half of the respondents agreed that their company is currently providing adequate encryption security, and only 35% reported that sensitive data stored on tape was encrypted.
“Some of the highest profile security breaches in the financial industry have involved the loss sensitive information from offline storage systems — like discs or tapes,” says Lane F. Cooper, an analyst at InfoTech and author of the survey report. “It seems clear from the results of this survey that there is a perimeter security mentality in the financial services industry in which the focus is about keeping bad people and bad things away from the network. However, the odds are high that at some point firewalls and intrusion detection systems etc…will not prevent a breach from taking place. When that happens encryption is the last logical line of defense. There is a whole new generation of encryption solutions available today, and products like the Ingrian DataSecure Platform can make implementing enterprise-wide encryption strategies a viable option for financial services institutions.”
Based on one-on-one phone interviews with the financial services executives, key survey results include: More than sixty-two percent (62.3%) of respondents agree that their organizations are protecting data at the application level, while 26% disagree or strongly disagree. More than half (51.8%) of respondents agree that their organizations have proper database encryption, while 39.9% disagree. Half (50%) of respondents agree that their organizations are protecting sensitive customer data at the file encryption level, while more than 40% disagree. The lowest confidence rating was in how organizations protect sensitive customer data at the tape encryption level with 35% believing their organizations do an adequate job, and more than 49% disagreeing that it is protected within their organization.
“While a number of financial institutions report confidence in how and where their organizations are encrypting sensitive consumer data, there are still a number of ways to improve,” said Karim Toubba, vice president of product management and corporate strategy for Ingrian Networks. “Our goal is to make sure our customers feel completely satisfied with their encryption security, and to make sure that how and where they are encrypting makes the most sense for their threat model and has minimal impact on other enterprise systems.”