IDG Quick Poll Survey Reveals Data Security Priorities
The surface over which enterprises can be attacked has continued to grow as data is spreading into the cloud, mobile, remote, and partner environments. Data thieves are uniting to create profitable data-theft businesses. Many companies are left overwhelmed and unprotected by the shifting security environment and are not protecting data at rest, in transit, and in use.
According to an IDG Quick Poll Survey conducted in March, 2016, enterprises are directing their energy and budget into protecting their data at rest. Over 70% of respondents ranked securing their data at rest as “critical,” while just 50% claimed that protecting their data in transit is critical. All sensitive data that is not protected is highly vulnerable to cyber-attack. Businesses are now being forced to transition to building in better data security.
How are enterprises securing their data? The IDG Quick Poll Survey shows that enterprises protect their data at the whole-disk, database, and file levels. This does not account for data that does not stay in one place. Encrypting at the data level protects the data in all states and at all locations. However, most enterprises are left unprotected. Over half, or 57% of respondents stated that the largest obstacle to overcome in the changing security landscape is difficulties with long-term security management. The second largest obstacle cited by respondents was the inability to support a changing environment.
Security today requires newer technology to mask sensitive information. Two such options are Tokenization and format-preserving encryption. Both replace original data with encryption or a random token. Only 15% of the IDG Quick Poll Survey respondents reported using format-preserving encryption. Tokenization is used by 30% of respondents in the Payment Card Industry.
With data expanding corporate borders into the cloud, onto mobile networks, and into public Internet connections, security risks have become multidimensional. Enterprises must understand these risks and implement appropriate security measures.