IT departments have easiest access to sensitive data
CEOs of modern companies often lack access to their own sensitive data, according to Venafi. When asked who had the easiest access to their company’s most sensitive data, 65 percent said that the IT department had the easiest access, with the CEO at 30 percent, management at 8 percent, the HR department at 7 percent and legal at 5 percent.
The survey also revealed that if the person responsible for managing an organization’s encryption keys were to leave, 23 percent worried that they would not have access to valuable, encrypted data.
A third of survey respondents said that their knowledge of and access to encryption keys, coupled with their organizations’ lack of oversight and poor key and certificate management controls, meant they could bring the company to a grinding halt with minimal effort and little to stop them.
Organizations have deployed multi-layer defense systems designed to protect against threats from entering the network and sensitive information from leaving it, yet breaches still occur. The problem is not technology but an inability to manage technology correctly.
The survey is an additional reminder that CEOs and boards of directors have not taken appropriate action to protect critical information, and that they continue to allow their IT departments to dictate what data they have access to and how easy it is to access the valuable and often regulated data.
A surprising 24 percent said that the fear of losing encryption keys was deterring them from investing in encryption technologies. This shows that recent major data breaches have almost paralyzed some organizations, which are afraid to improve their IT security for fear of making things worse—or just do not trust their IT departments to handle encryption technology effectively.
“Encryption management has become a big issue for companies worldwide. Encryption is the last line of defense in protecting data against loss or compromise,” said Jeff Hudson, Venafi CEO. “Companies are finding out how important encryption is when they have experienced a huge data breach because they weren’t using encryption. Then they find out that when they deploy encryption they have another big problem and that is managing the encryption keys. Encryption is only half the solution – you need to know where the keys are and they find that the only way to manage the keys is with an automated certificate and key management system. Once the data’s protected with encryption, the key becomes the data and the thing that must be managed and protected. What this survey reveals is that organisations have to quickly get to grips with automating key and certificate management—the keys are crucial to safeguarding your whole enterprise.”