Venafi, the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions, today announced the second set of findings from its InfoSecurity 2011 survey. Respondents from over 500 IT professionals reported that chief executive officers of modern companies often lack access to their own sensitive data. When asked who had the easiest access to their company’s most sensitive data, 65 percent said that the IT department had the easiest access, with the CEO at 30 percent, management at 8 percent, the HR department at 7 percent and legal at 5 percent.
The survey also revealed that if the person responsible for managing an organisation’s encryption keys were to leave, 23 percent worried that they would not have access to valuable, encrypted data. This survey follows on from Venafi’s last survey, which found that 40 percent of IT staff admitted that they could hold their employers hostage—even after leaving for other employment—by withholding or hiding encryption keys, making it difficult or impossible for management to access vital data.
A third of survey respondents said that their knowledge of and access to encryption keys, coupled with their organisations’ lack of oversight and poor key and certificate management controls, meant they could bring the company to a grinding halt with minimal effort and little to stop them. Organisations have deployed multi-layer defense systems designed to protect against threats from entering the network and sensitive information from leaving it, yet breaches still occur. The problem is not technology but an inability to manage technology correctly. The survey is an additional reminder that CEOs and boards of directors have not taken appropriate action to protect critical information, and that they continue to allow their IT departments to dictate what data they have access to and how easy it is to access the valuable and often regulated data.
A surprising 24 percent said that the fear of losing encryption keys was deterring them from investing in encryption technologies. This shows that recent major data breaches have almost paralysed some organisations, which are afraid to improve their IT security for fear of making things worse—or just do not trust their IT departments to handle encryption technology effectively.
“Encryption management has become a big issue for companies worldwide. Encryption is the last line of defense in protecting data against loss or compromise,” said Jeff Hudson, Venafi CEO. “Companies are finding out how important encryption is when they have experienced a huge data breech because they weren’t using encryption. Then they find out that when they deploy encryption they have another big problem and that is managing the encryption keys. Encryption is only half the solution – you need to know where the keys are and they find that the only way to manage the keys is with an automated certificate and key management system. Once the data’s protected with encryption, the key becomes the data and the thing that must be managed and protected. What this survey reveals is that organisations have to quickly get to grips with automating key and certificate management—the keys are crucial to safeguarding your whole enterprise.”
The survey is based on a sample of 500 IT security specialists taken at InfoSecurity 2011 this year. Link to executive summary.
Venafi is the market leading cybersecurity company in Next-Generation Trust Protection. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages.
As part of any enterprise infrastructure protection strategy, Venafi Director helps organizations regain control over trust in the cloud, on mobile devices, applications, virtual machines and network devices by protecting Any Key. Any Certificate. Anywhere™. Venafi prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity, and remediates errors and attacks by automatically replacing misconfigured and compromised keys and certificates. Venafi Threat Center provides primary research and threat intelligence for trust-based attacks.
Selected as a 2013 FiReStarter and Red Herring Top 100 company, Venafi customers are among the world’s most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, manufacturing, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.