• 0Shopping Cart
Avasant
  • NEW TO AVASANT?

    Sign Up
  • Management Consulting
    • Strategic Sourcing
    • Digital Transformation
    • IT & Business Transformation
    • Software Selection
    • Governance, Risk & Compliance
    • Global Development
    • Avasant Law
  • Industries
    • Aerospace & Defense
    • Banking, Financial Services & Insurance
    • Energy & Resources
    • Healthcare & Life Sciences
    • High Tech & Telecommunications
    • Media & Entertainment
    • Private Equity
    • Public Sector
    • Retail & Manufacturing
    • Social Impact Institutions
    • Travel & Transportation
  • Research & Data
    • Access Reports
    • RadarView™ – Market Assessments
    • Computer Economics™ – IT Metrics
    • Global Equations™ – Country Data and Index
    • Avasant Beyond
    • Coronavirus Resource Center
    • Avasant Labs
    • AvaMark™
    • AvaSense™
    • Strativa®
  • Benchmarking
    • IT Spending Benchmark
    • TCO and Spend Transparency Analysis
    • Staffing and Salary Benchmark
    • IT Infrastructure Services Benchmark
    • Digital and Application Services Benchmark
    • BPO Services Benchmark
    • Cloud Enterprise Agreements Benchmark
    • IT Software License Benchmark
  • Events
    • Event Calendar
    • About Empowering Beyond Events
    • Executive Spotlights
    • Partner With Avasant Events
  • Why Us
    • Vision and Values
    • Industry Recognition
    • Leadership Team
    • Avasant Global Team
    • Avasant Fellows
    • Corporate Social Responsibility
    • Press Releases and Media
    • Avasant Foundation
  • Contact
  • Column 1
    • What We Do
      • Strategic Sourcing
      • Digital Transformation
      • IT & Business Transformation
      • Software Selection
      • Governance, Risk & Compliance
      • Global Development
      • Benchmarking
      • Avasant Law
    • Avasant Research & Data
      • Access Reports
      • RadarView™ – Market Assessments
      • Computer Economics™ – IT Metrics
      • Global Equations™ – Country Data and Index
      • Videos
      • Avasant Beyond
      • Coronavirus Resource Center
  • Column 2
    • Who We Serve
      • Aerospace & Defense
      • Banking, Financial Services & Insurance
      • Energy & Resources
      • Healthcare & Life Sciences
      • High Tech & Telecommunications
      • Media & Entertainment
      • Private Equity
      • Public Sector
      • Retail & Manufacturing
      • Social Impact Institutions
      • Travel & Transportation
    • Powered by Avasant Labs
      • AvaMark™
      • AvaSense™
      • Strativa®
  • Column 3
    • Why Us
      • Corporate Overview
      • Vision and Values
      • Industry Recognition
      • Leadership Team
      • Avasant Global Team
      • Avasant Fellows
      • Corporate Social Responsibility
      • Press Releases and Media
      • Avasant Foundation
  • Column 4
    • Contact
      • Submit RFP
      • Regional Contacts
      • Careers
    • Event Calendar
      • About Empowering Beyond Events
      • Executive Spotlights
      • Partner With Avasant Events
  • LinkedIn
  • Twitter
  • Youtube
  • Facebook
Login
Login to get free content each month and build your personal library at Avasant.com

Forgot your password?
Reset Password
Enter email address to reset your password.

Back to Login
New to Avasant?
Click on the button below to Sign Up

Sign Up

Contact Us

  • Home
  • Access Reports
  • RadarView™
    Market Assessments
  • Computer Economics™
    IT Metrics
  • Strativa®
    Analytics
  • Global Equations™
    Location Intelligence
  • Avasant Distinguished Fellows
  • Request a Consultation
  • My Account
Back

Neglect of Encryption a Prescription for Disaster

February, 2021

Encryption is a best practice for protecting sensitive information, yet far too many companies are lackadaisical when it comes to encrypting data. Their neglect is a prescription for disaster, as many have learned—most notably Equifax in 2017.

Companies that do not routinely encrypt sensitive data face ugly consequences: Unauthorized individuals might steal data in compromised accounts and gain access to unencrypted data. That is why encryption is often mandated by security regulations.

As shown in Figure 3 from our full report, Encryption Adoption and Best Practices, 15% of our survey respondents encrypt data informally, while 26% do so formally but inconsistently. This may mean that they only encrypt data in certain applications, for certain personnel, or in specific locations but not others. Whatever the reason for inconsistency, this is an area of concern for executives determined to close the door to cybercriminals. The fact that only 46% practice encryption formally and consistently is surprising.

Fig3Encryption2021 1030x687 - Neglect of Encryption a Prescription for Disaster

 

“Encryption is not something where you can just set it and forget it,” said Tom Dunlap, director of research for Computer Economics, a service of Avasant Research, based in Los Angeles. “An organization’s systems are constantly changing, and it’s very easy for new systems to go into production with unencrypted datasets. So you have to periodically audit for compliance.”

Data theft is very much on the rise. Each year, hundreds of millions of sensitive personal records are exposed by hackers and cybercriminals. Encryption is regarded as an essential security control and part of a company’s security policies and procedures. It is an advisable practice for every organization, especially those processing personal information or other highly confidential data.

Take the case of the Equifax breach in 2017, which serves as an example of encryption inconsistency. The device inspecting encrypted traffic was misconfigured, because the digital certificate had expired almost a year previously. This was one of the vulnerabilities that enabled hackers to compromise the personal information of 155 million people, leading to massive consequences not only for those whose information was compromised, but also for Equifax and its senior leadership, many of whom were terminated.

Another area of inconsistency relates to where encryption is performed. Data is at risk when it is at rest in a database or storage repository and also when it is in transit over a network. Consistent encryption requires the protection of data in both states. Yet some companies only encrypt data in one of these states, potentially exposing their data to attack.

The full report begins with a definition of encryption. We next study the adoption and practice levels and examine those by organization size and sector. We conclude with best-practice recommendations.


This Research Byte is a brief overview of our report, Encryption Adoption and Best Practices. The full report is available at no charge for Avasant Research subscribers or may be purchased directly from our website (click for pricing).


 

Related Reports

  • automation 2710335 1920 1 600x400 - Speeding Up Process Identification for Automation

    Speeding Up Process Identification for Automation

  • Hybrid Enterprise Cloud Services 2018 RadarViewTM e1591109391365 600x400 - Hybrid Enterprise Cloud Services Radarview 2018 - Service Provider Profiles

    Hybrid Enterprise Cloud Services Radarview 2018 – Service Provider Profiles

  • communication 1927697 1920 600x400 - Enterprise Internet of Things Trends Shaping the Market

    Enterprise Internet of Things Trends Shaping the Market

  • cloud 3805852 640 600x400 - Hybrid Enterprise Cloud Environments: Foundation for True Enterprise Digital Transformation

    Hybrid Enterprise Cloud Environments: Foundation for True Enterprise Digital Transformation

DISCLAIMER:

Avasant's research and other publications are based on information from the best available sources and Avasant's independent assessment and analysis at the time of publication. Avasant takes no responsibility and assumes no liability for any error/omission or the accuracy of information contained in its research publications. Avasant does not endorse any provider, product or service described in its RadarView™ publications or any other research publications that it makes available to its users, and does not advise users to select only those providers recognized in these publications. Avasant disclaims all warranties, expressed or implied, including any warranties of merchantability or fitness for a particular purpose. None of the graphics, descriptions, research, excerpts, samples or any other content provided in the report(s) or any of its research publications may be reprinted, reproduced, redistributed or used for any external commercial purpose without prior permission from Avasant, LLC. All rights are reserved by Avasant, LLC.

 

Avasant Companies

  • Avasant LLC
  • Avasant Law LLP
  • AvaSense Inc.
  • Avasant Beyond

Contact

  • Contact
  • Privacy Policy
  • Terms of Use
  • LinkedIn
  • Twitter
  • Youtube
  • Facebook
Footer Logo
© Copyright 2021 - Avasant and affiliated companies
ERP Support Staffing Ratios 2021 Fig1ERPstaffing2021 80x80 - Neglect of Encryption a Prescription for Disaster ITstaffingRatiosFullBundle 80x80 - Neglect of Encryption a Prescription for Disaster IT Staffing Ratios: Benchmarking Metrics and Analysis for 16 Key IT Job Fun...
Scroll to top