InfoTech Survey: Financial Services Industry Struggles to Integrate Enterprise-wide Encryption into Security and Compliance Activities

Share Article

Compliance issues, not perceived threats, driving increase in security budgets and use of encryption.

According to a new survey from InfoTech: The Telecom Intelligence Group, the financial services industry continues to struggle with how to integrate enterprise-wide encryption strategies into their security and regulatory compliance operations. The study was designed to provide insight into security measures currently being undertaken by the financial services industry, attitudes towards the security of consumer information, and the drivers such as legislative mandates and the increasing awareness of security breaches behind current security projects. The survey was sponsored by Redwood City Calif.-based, Ingrian Networks, a provider of data privacy solutions. The results highlighted the following findings:

-- Eighty-seven percent indicated that regulatory/legislative compliance is elevating the requirements to encrypt sensitive information in their organization’s enterprise systems.

-- While compliance is a key driver towards encryption, SB1386 and similar state privacy laws carry heavy weight with financial institutions. Of the various compliance initiatives, the largest percentage (70.6%) of respondents were most effected by Sarbanes-Oxley while the Gramm-Leach-Bliley Act and the Patriot Act were a close second and third with 66.7% and 60.8%, respectively. California SB 1386 and other state privacy laws registered at 49%, and FISMA, HIPAA and PCI received 43.1%, 41.2% and 31.4%, respectively.

-- Current encryption practices in the financial services industry are spotty at best. Fifty-four percent of our respondents reported that encrypting data at rest is a high priority for their organizations. Less than a third, only 31 percent, believe that their organizations are doing an adequate job of encrypting data at rest.

“The financial services industry is at a crossroads when it comes to security in general and enterprise encryption strategies in particular,” said Lane F. Cooper, director, InfoTech and author of the study. “While a tremendous amount of effort is being expended by the financial services sector to protect communications and information resources through increasingly hardened perimeter security measures, the fact remains that most organizations are likely to experience a significant security incident in the foreseeable future. Encryption is the last line of defense should a major breach occur, and huge segments of the Financial Services Sector are NOT well prepared to protect this data at rest. There is a growing realization in the industry that this needs to be addressed. The research conducted by InfoTech strongly suggests that we can expect to see encryption play a much larger role in the security mix of financial services organizations by the end of the decade.”

The 112 survey respondents were comprised of directors, vice presidents and C-level executives of IT and/or security from the financial services industry. The majority of the respondents work in retail banking (37.7%) and commercial banking (32.1%), with the remaining respondents working in investment banking, securities/commodity trading, insurance and credit unions. In general, the importance of securing data and the confidence in how well the data is secured showed a divisive split among respondents – with 53.8% agreeing or strongly agreeing that encrypting “Data at Rest” is a high priority for their organization and 38.5% disagreeing or strongly disagreeing that it is a high priority.

“Consumer security is extremely important to any financial services organization, but the path to security and the confidence in those security measures, is extremely varied,” said Karim Toubba, vice president of product management and corporate strategy for Ingrian Networks. “This survey has made it clear to us that while legislations is currently the driving force to secure consumer data, there is still education needed around what it means to ensure data privacy. There are specific steps that organizations can take to comply with new laws, so it is important for an organization to deploy a product like Ingian’s DataSecure Platform to become compliant with legislation.”

To download the report, please visit: http://www.telecomweb.com/enterpriseencryption/ .

About The Telecom Intelligence Group

The Telecom Intelligence Group includes market-intelligence provider InfoTech; TelecomWeb and TelecomWeb news break; newsletters Wireless Business Forecast, Broadband Business Forecast, Telecom Policy Report and Inside Digital TV; tariff consultancy Tarifica; and the Web-based business telephony product database TelecomTactics. For more information on The Telecom Intelligence Group products and services, please visit http://www.TelecomWeb.com.

About Ingrian Networks

Ingrian Networks brings complete data privacy to the enterprise. With Ingrian DataSecure Platforms, organizations can protect critical data from both internal and external threats, and ensure compliance with legislative and policy mandates for security. DataSecure features a dedicated security appliance and specialized software that enables organizations to encrypt critical data in applications and databases. With its capabilities for granular encryption, seamless integration, and centralized security management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness. Ingrian is a privately held company backed by such investors as Globespan Capital Partners, HighBAR Ventures, Menlo Ventures, Partech International, and Prism Venture Partners. For more information, visit http://www.ingrian.com.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Sharon Valencik
Visit website