Enterprises are failing to encrypt tape backups of critical data even as they make plans to secure the primary data, a new survey has found.
According to a survey of US and European company behaviour carried out for encryption specialist Thales, great efforts are being made to use encryption with web servers, desktop email, and even PCs and laptops, which were due for such protection by 8 out of ten of those asked.
But 35 percent were unsure as to whether they would be using encryption of tape backups of this data, with a further 50 percent confused about how encryption keys might be stored. Of fourteen uses of encryption over the next five years, tape encryption only figured in 11th place.
The confusion over encryption key storage was not surprising given that key management appeared to be the main worry holding back implementation of the technology.
So, companies were in danger of encrypting primary data stories but not the tape backups of those stories. Why?
According to Bryta Schulz of Thales, encryption was still seen as to slow to meet the performance demands of backup schedules.
"Encryption has been added as a feature but admins turn it off because it's too cumbersome," she said. The companies in question often thought they were using encryption even when they turned out not to be. "They have no way to audit this."
"It is encouraging to see that more organisations are proactively securing sensitive data but the survey suggests there is still room for improvement. Most organisations appear to be securing sensitive data in an unplanned and unstructured way leaving both the organisation and data at risk," said Schulz.
The survey is similar in its findings to one carried out by the company in 2005, which uncovered the same anxieties over key management.
Earlier this month, Thales completed its £50.7 million takeover of UK encryption technology vendor nCipher, which has a specific appliance for managing tape encryption key management, called CryptoStor.