Companies on the way to implement encryption projects

The 2009 encryption and key management benchmark survey conducted by Trust Catalyst on behalf of Thales, reveals that the Payment Card Industry Data Security Standard (PCI DSS) and the US Health Information Portability and Accountability Act (HIPAA) are driving encryption projects across industries.

In order to comply with HIPAA, 52 per cent of respondents from Europe are planning to implement encryption projects to comply with PCI DSS. While in the US, 53 per cent of the organisations surveyed are planning encryption projects to comply with HIPAA. However it was also found in the research that organisations are, at the same time, spending more time and effort on key management planning.

Franck Greverie, vice president, managing director for the information systems security activities of Thales, said: “These results show clearly that two of the most important pieces of data – a person’s credit card details and their health records – and the regulations designed to safeguard this data are the major drivers for companies to encrypt data.

“The impact of a data breach is one of the main security headaches for CEOs and IT specialists alike and regulation is already playing a role in terms of tightening data security. The very nature of encryption means that data is secure even if many of the other enterprise security mechanisms fail and regulators and industry will therefore grow to depend on encryption.”

“Key management and the ability to demonstrate encryption key custody and control will become increasingly important as auditors and regulators look to validate safe harbour. The good news is that encryption is now significantly easier to implement and manage than in the past,” added Greverie.