For more information visit: www.trustedcomputinggroup.org
Unedited press release follows:
New Ponemon Study Finds That Self-Encrypting Drives (SEDs) Most Effective Against Data Breaches
Majority of Respondents Agree Self-Encrypting Drives More Secure Than Software-Based Encryption for Data at Rest; Study to Be Discussed in Free Webcast with Dr. Larry Ponemon May 10
PORTLAND, Ore.–With more than 82 percent of respondents reporting one or more data breaches, a new Ponemon Institute study on self-encrypting drives found that 70 percent believed that self-encrypting drives “would have had an enormous and positive impact on the protection of sensitive and confidential data.” Data breaches cost about $214 U.S. per lost record or about $7.2 million per incident.1
Ponemon’s “Perceptions about Self-Encrypting Drives: A Study of IT Practitioners,” sponsored by Trusted Computing Group (TCG), interviewed 517 IT practitioners in financial services, the public sector, retailing, healthcare, technology and other fields who were familiar with self-encrypting drives (SEDs). SEDs automatically and continuously encrypt data in the drive, with most SEDs today based on a TCG specification. The study found that with software-based encryption, 40 percent of employees regularly turn it off without permission, thereby leaving data unprotected.
IT practitioners rated performance and ease of deployment as the most important aspects of encryption solutions. Sixty-four percent agreed that SEDs provide a faster set-up time, and 59 percent agreed that SEDs provide enhanced scalability in multi-drive situations.
Details of the study and the role of SEDs in data protection will be discussed in detail in a free webcast with Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, on May 10, 10 a.m. Pacific/1 p.m. East. To register or get more information, go to http://trustedcomputing.conferencinghub.com/attendee/RegisterLogin.aspx?hubconfID=1065447&qtID=1&act=reg&cp=6875.
In addition to data breach protection, respondents noted that compliance with state or federal data protection laws is the main driver for encrypting data at rest, including financial documents, employee records and customer data. Respondents note that the types of data that they encrypt include:
• 89 percent: confidential (57 percent) and non-confidential (32 percent) financial documents
• 52 percent: trade secrets (34 percent) and intellectual property (18 percent)
• 41 percent: employee records
• 39 percent: customer data
“While self-encrypting drives are a new technology, the IT staff we interviewed believed they are more secure than software-based encryption,” noted Dr. Ponemon. “And it’s apparent that complying with the increasing number of state and federal data protection mandates is driving encryption and interest in SEDs.”
An executive summary of the report is available at http://www.trustedcomputinggroup.org/files/static_page_files/B759606E-1A4B-B294-D0A0450F23FC8836/TCG%20Executive%20Summary.pdf.
Trusted Computing Group
The Trusted Computing Group (TCG) provides open standards that enable a safer computing environment across platforms and geographies. Benefits of Trusted Computing include protection of business-critical data and systems, secure authentication and strong protection of user identities, and the establishment of strong machine identity and network integrity. Organizations using built-in, widely available trusted hardware and applications reduce their total cost of ownership. TCG technologies also provide regulatory compliance that is based upon trustworthy hardware. More information and the organization’s specifications and work groups are available at the Trusted Computing Group’s website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn.
Brands and trademarks are the property of their respective owners.
1 Ponemon Institute, “2010 Annual Study: U.S. Cost of a Data Breach Study”