News Stay informed about the latest enterprise technology news and product updates.

PCI encryption requirements driving widespread adoption, survey finds

Encryption has become generally accepted in the industry, said Larry Ponemon, founder of the Ponemon Institute LLC.

A new survey conducted by the Ponemon Institute LLC has found that adoption of encryption technologies is continuing to increase and many of the deployments are being driven by compliance initiatives, including PCI encryption requirements.

Compliance with regulation, for example, like HIPAA and some financial regulations, has become a bigger driver for the adoption of encryption technologies.

Larry Ponemon,
founderPonemon Institute LLC

The "2010 annual study, U.S. Enterprise Encryption Trends" report was commissioned by Symantec Corp. It polled 964 U.S.-based organizations and found that 84% of respondents now use encryption.

Larry Ponemon, founder of the Traverse City, Mich. -based research firm, said the survey's findings are evidence that encryption is the most widely-accepted form of data protection across the industry.

"Companies are almost expected to use encryption, and if they're not using this or something that's comparable like tokenization, they're probably not meeting their mission," Ponemon said.

The biggest surprise in the study, now in its fifth year, was the discovery that over two-thirds of respondents, 69%, said compliance was the main reason they implemented encryption. Survey respondents cited state privacy laws, including those in California and Massachusetts as reasons for adopting encryption. PCI DSS requirements, and the Health Information Portability and Accountability Act (HIPAA) were also cited as main drivers, PCI DSS requirements have seen the greatest increase in influence by far over the past four years, rising 49 points from 15% in 2007 to 64% this year.

"Compliance with regulation, for example, like HIPAA and some financial regulations, has become a bigger driver for the adoption of encryption technologies," Ponemon said. "Compliance as a reason seems to dominate, although data protection is still very important, but it seems to be less important than basically complying with these regulations."

Nearly three-quarters of respondents (73%) considered data protection very important and one of their most pressing concerns. The survey found that encryption deployments are also used to reduce the threat posed by viruses, malware and spyware infections, a finding that supports the fact that cybercriminals are increasingly targeting unprotected data and data being used more often on mobile devices.

Companies are deploying a mixture of encryption technologies, but full disk encryption is the fastest growing in popularity. The survey found 59% of companies now using full disk encryption, up five points from 2009, and 15 points from 2007. Full disk encryption and database encryption are both becoming more popular, although file server encryption is still the top technology.

"What you see is that people are adopting a broader profile of encryption not just in specific places that they've identified," said Brian Tokuyoshi, senior product marketing manager at Mountain View, Calif.-based Symantec.

With the frequency of data breaches on the rise, 88% of companies experienced more than one breach in 2010; it is important to ensure your company's data is secure, Ponemon said.

"Knowing that the information is encrypted is basically going to solve 99.99% of your problem," Ponemon said. "It's a type of technology that solves a certain type of problem."

Dig Deeper on Disk and file encryption tools

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.