Despite evidence that stored data is more vulnerable than data in transit, companies still focus encryption efforts on data transmission.
It’s Time to Protect Stored Data
A recent survey conducted by CIO and PricewaterhouseCoopers found that the most common result of security breaches in the past 12 months was the compromise or loss of stored data, just ahead of applications and network availability.
It’s Also Time to Make Encryption a Priority
Only 30 percent of IT executives said their companies encrypt stored data, yet it’s attacked most frequently.
Source: “State of IT Security 2003,” a worldwide study conducted by CIO and PricewaterhouseCoopers—7,596 respondents
Don’t lose the key. If you store encrypted data and lose the digital encryption key, you cannot read that data. Depending on the form or encryption you choose, if you store data in an encrypted fashion and lose the digital encryption key or access passwords, you have no way of ever reading that data again. Make sure you have backup procedures and access permissions as part of your encryption strategy, including storing encryption keys and passwords in escrow with a secure third party.
Pick and choose. Some stored information may warrant this additional level of security, such as R&D or sensitive customer records, but other data may not. Companies should frequently review the classification of data and information and determine which assets require encryption.
Align your security policy with your company’s business objectives. This will help you determine which data is critical to the business—requiring additional layers of security—and which is not.