The 2010 Annual Study: U.S. Enterprise Encryption Trends reveals that for the first time regulatory compliance has surpassed data breach mitigation as the top reason why organizations deploy encryption technologies. The report from Symantec and the Ponemon Institute also found that solutions involving encryption have seen the biggest increase in IT budget earmarks over the past year. The fifth annual study on enterprise encryption usage is based on responses from nearly 1,000 U.S.-based senior IT and business managers from 15 different industries.
2. Ponemon and Symantec Research
• Examines the following topics:
• Are companies leveraging encryption technologies?
• What are the key drivers?
• The maturity of an organization’s security and data protection program
• If organizations use a platform approach to managing encryption
• How encryption relates to organizations’ risk management efforts
• How important encryption is for data on mobile devices
• Fifth year Ponemon has conducted this survey
• 964 U.S.-based IT managers and business executives. 38% director level or
higher
• 15 industries
2010 Annual Study: U.S. Enterprise Encryption Trends 2
3. Compliance is #1
• For the first time in five years, regulatory compliance was the
primary reason companies implemented encryption
technologies
– 69 percent of respondents in 2010
– Up five points over 2009, up 25 points over 2006
• Mitigating data breaches slips to the #2 spot
– 63 percent of respondents in 2010
– Down four points from 2009
HIPAA, state privacy laws are top concerns among U.S.
enterprises
2010 Annual Study: U.S. Enterprise Encryption Trends 3
4. Data Breaches Are on the Rise
88 percent of respondents report they had at least one
breach in 2010, up three points from 2009
•23 percent had only one breach – consistent with
2009
•40 percent had 2-5 breaches – consistent with 2009
The group that experienced more than five is the
only group that grew, up 3 points from 2009, up
12 points from 2008
2010 Annual Study: U.S. Enterprise Encryption Trends 4
5. Data Protection in the Risk Management Spotlight
An overwhelming majority of respondents have given data
protection top priority
• 93 percent stated that data protection is a "very important" or
"important" part of their overall risk management efforts.
– Nearly three-quarters (73 percent) consider data protection “very
important,” up 12 points from 2009.
• Only 2 percent are unsure of data protection’s role in risk
management, down from 12 percent in 2009.
• Respondents who called data protection “not important”
dropped by nearly a half:
– 5 percent in 2010
– 9 percent in 2009
2010 Annual Study: U.S. Enterprise Encryption Trends 5
6. More Companies Implementing Encryption
• Not surprisingly, more companies have implemented, or plan to
implement, data encryption technology.
• 84 percent of respondents have either fully executed or are in
the process of implementing, encryption technology.
– Represents a two point increase over 2009 and 5 point over 2008.
2010 Annual Study: U.S. Enterprise Encryption Trends 6
7. Higher Priority = More Budget Dollars
Technology solutions with encryption are receiving the
largest increases in IT budgets
• 2010 earmarks for encryption solutions are up 9
percent from 2009 and 12 percent since 2008.
• Endpoint security solutions including laptop encryption
are up 10 percent from 2009 and 11 percent from
2008.
• Key management for encryption solutions in 2010 rose
9 percent over 2009 and 10 percent over 2008.
2010 Annual Study: U.S. Enterprise Encryption Trends 7
8. Full Disk Encryption is Gaining…
Most popular encryption technologies in 2010:
1.File server encryption:62 percent
2.Full disk encryption:59 percent*
3.Database encryption: 57 percent
*Full disk encryption is the fastest-growing, moving into the #2
spot, up 5 percent from 2009 and up 15 percent since 2007.
2010 Annual Study: U.S. Enterprise Encryption Trends 8
9. In Summary
• Key Findings:
– Data breaches continue to rise and become more severe
– Regulatory compliance surpasses mitigating data breaches as
the primary driver behind companies implementing
encryption
– More companies have implemented/are implementing
encryption technologies than in 2009
– Data protection is increasingly viewed as a mission-critical
element of overall risk management
– Encryption technology receiving increasing number of
earmarks in companies’ IT budgets
Presentation Identifier Goes Here 9