Redwood City, Calif. - When asked about the importance of securing data and the confidence in how well data is secured using encryption technology, there was a significant split among respondents to a recent survey conducted by Ingrian Networks Inc. Fifty-four percent of financial services IT executives agreed or strongly agreed that encrypting "data at rest" is a high priority for their organization, while 39% disagreed or strongly disagreed that it is a high priority."The financial services industry is at a crossroads when it comes to security in general and enterprise encryption strategies in particular," says Lane F. Cooper, director, InfoTech and author of the study.
"While a tremendous amount of effort is being expended by the financial services sector to protect communications and information resources through increasingly hardened perimeter security measures, the fact remains that most organizations are likely to experience a significant security incident in the foreseeable future. Encryption is the last line of defense should a major breach occur, and huge segments of the financial services sector are not well prepared to protect this data at rest. There is a growing realization in the industry that this needs to be addressed. The research conducted by InfoTech strongly suggests that we can expect to see encryption play a much larger role in the security mix of financial services organizations by the end of the decade."
Ingrian Networks Inc., a provider of data privacy solutions, spearheaded the survey of 112 IT executives in the financial services industry. Conducted by InfoTech, a unit of Access Intelligence, the survey was designed to provide insight into security measures currently being undertaken by the financial services industry, attitudes toward the security of consumer information, and the drivers such as legislative mandates and the increasing awareness of security breaches behind current security projects.
The 112 survey respondents comprised directors, vice presidents and C-level executives of IT and/or security from the financial services industry. The largest segments of the respondents work in retail banking (37.7%) and commercial banking (32.1%), with the remaining respondents working in investment banking, securities/commodity trading, insurance and credit unions.
Based on one-on-one phone interviews with the financial services executives, the survey results highlighted the following findings:
Compliance is driving the move toward encrypting sensitive information with 87% of respondents agreeing or strongly agreeing with the statements "Regulatory/legislative compliance is elevating the requirement to encrypt sensitive information in my organization's enterprise systems".
Sixty seven percent (67%) of respondents indicated that compliance requirements were putting their organization under more pressure to encrypt data at rest.
Less than one-third of respondents, only 31%, believe their organizations are doing an adequate job of encrypting data at rest.
Of the various compliance initiatives, the largest percentage (70.6%) of respondents were most affected by Sarbanes-Oxley, while the Gramm-Leach-Bliley Act and the Patriot Act were a close second and third with 66.7% and 60.8%, respectively. California SB1386 and other state privacy laws registered at 49%, and FISMA, HIPAA and PCI received 43.1%, 41.2% and 31.4% respectively.
"Consumer security is extremely important to any financial services organization, but the path to security and the confidence in those security measures, is extremely varied," says Karim Toubba, vice president of product management and corporate strategy for Ingrian Networks. "This survey has made it clear to us that while legislation is currently the driving force to secure consumer data, there is still education needed around what it means to ensure data privacy."
Ingrian Networks provides the Ingrian DataSecure Platforms, which featuer dedicated hardware appliances and patent-pending cryptography software.
Source: Ingrian Networks
