Very few enterprises in Australia use encryption to protect sensitive data, especially if it involves customer data.
Given the high number of security breaches, Deakin University IT director Craig Warren said it is alarming to learn that so few companies make use of encryption.
While the university doesn't encrypt data, Warren said strict security protocols are in place so encryption could end up being a burden.
"We heavily segment our Virtual Local Area Network (VLAN) and encrypt any password exchange as well as things like human resources information; but we do not encrypt backup tapes and laptops," Warren said.
"Even if you had backup tapes sent offsite most storage companies have clauses in their contracts preventing them from accessing the data. Because of our security, encryption is not an issue for us."
But the reality is only 4.2 percent of companies have an enterprise-wide encryption plan, according to the Ponemon Institute's 2005 National Encryption Survey which was commissioned by the PGP Corporation.
However, Legal.consult's legal and technology director, Andrew Perry, said in Australia the figure translates to less than 4 percent, although the Privacy Act has made business more aware about securing personal information.
Although encryption is seen as an important security tool, it was considered complex and difficult to use.
Survey respondents claim the main reasons for not encrypting sensitive or confidential information was concern about system performance (69 percent), complexity (44 percent) and cost (25 percent).
"As encryption software gets easier to both use and deploy, widespread acceptance should follow," Perry said.
"Today it is easier to encrypt and decrypt which means companies have less of an excuse about whether or not they have data stored on tape or use an offsite storage facility.
"If the relevant network is secure then that is one way of reducing the risk of data theft, but it is ironic if a Web site has an SSL encryption to collect data from a user but then sends that data as a backup from the e-commerce server to an offsite storage site that is transported and stored unencrypted."
Organizations that store a lot of customer data include those in the telecommunications and financial services sector.
For example, a spokesperson for the St George Bank confirmed triple DES encryption is used extensively to protect customer data.
However, Telstra wasn't so willing to disclose such details.
A spokesperson for the telco said privacy is a top priority, but added "we do not feel the need to divulge or confirm if any customer data, either held onsite or off, is encrypted."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Achieving the impossible: Unlimited application scalability
Delivering the Power of Choice with Microsoft Dynamics CRM
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
The state of Middleware
CRM your salespeople will love
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Email Archiving Implementation: Five Costly Mistakes to Avoid
Solve Exchange Storage Problems Once and For All: A New Approach without Stubs or Links
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #98: The Future of Datacentre IP 18/12/2008 10:33:00
CW Live speaks withLin Nease, Director of Emerging Business for HP ProCurve, to discuss the future of networks, including the effect of IP-based storage on datacentres, new capacity requirements generated by the use of 10Gb Ethernet, and how an efficient network design can slash energy and cooling costs, and help enterprises build a "green" image. - +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport.
Research software developer appoints Susan Dart to new Business Development Director role 2009-01-08 09:08:00+11
Research software developer appoints Susan Dart to new Business Development Director role 2009-01-08 09:08:00+11
Anyware Introduce Two Powerful PCI TV Tuner Cards with S5 Power Up and Windows Media Center Remote 2009-01-07 17:30:00+11
Fortinet Cures Mobile Phone “Curse of Silence/CurseSMS” Attack 2009-01-07 16:30:00+11
SEAGATE SHIPS DESKTOP HARD DRIVE WITH WORLD’S HIGHEST AREAL DENSITY – 500GB PER DISK 2009-01-06 15:34:00+11
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Your organisation may well have devised and implemented an Acceptable Use Policy (AUP) some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains 'fit for purpose'? Read on to discover how you can enhance the effectiveness of your AUP.
