Encryption: A nice idea that few want to implement?
Companies are not embracing encryption as a way to protect sensitive data. According to Ponemon Institute's 2005 National Encryption Survey, only 4.2% of companies responding to our survey say their organizations have an enterprisewide encryption plan.
However, the study also reveals that encryption is viewed by many as an important security tool that enhances the IT professionals' overall sense of trust or comfort in data-protection efforts. The primary reasons cited for not encrypting sensitive or confidential information were concern about system performance (69%), complexity (44%) and cost (25%).
Sponsored by PGP Corp., this independent study was conducted to learn what privacy and security professionals think about encryption and how adequate they believed their organization's security programs are to protect sensitive and confidential information.
Encryption is mostly used to protect sensitive or confidential electronic documents when sending them to another system or location (47%), according to our survey results. Only 31% of respondents encrypt data on a device such as a server or laptop, and 24% encrypt sensitive or confidential backup files or tapes before sending them to off-site storage locations.
