Brocade is warning companies to reassess their security priorities for data centres and stop ignoring encryption, after a survey found that half of respondents had experienced security breaches during 2008.
The Brocade commissioned survey of 4,500 senior European IT decision-makers in the UK, France and Germany was carried out during late 2008, across a number of verticals (public sector, health, finance, retail, manufacturing/logistics, telco, media etc).
Four out of five agreed that data security is one of the biggest challenges facing their organisation, after 50 percent of respondents admitted experiencing data loss/theft in 2008. The survey however did not identify whether these breaches were from internal or external sources.
Last week, a report from the Identity Theft Resource Center (ITRC) also said that there had been a sharp rise in the number of reported data breaches in 2008.
Yet it seems that few companies appear to be addressing the problem, with 70 percent of the companies that suffered the breaches, stating that the lost data was not encrypted.
82 percent admitted that data breaches were "most damaging", and in a clear example of closing the stable door after the horse had bolted, another 82 percent noted that if the data had been encrypted, the risk of the company would been far reduced.
"Encryption is one of best ways to protect data," said Murphy. "We believe the best approach is to apply that encryption at the heart of the data (in the data centre). But at the moment, there is a scattered approach to security, which is a real challenge for companies. By putting encryption in the data centre, it centralises security policies, takes out the complexity, and improves scalability."
But Brocade also recognises that encryption by itself is not enough. "Of course encryption is one of many security options, but reports from Gartner and others have suggested that encryption is the biggest issue," said Murphy. "But this raises the question why companies haven't invested in encryption already."
"Up until now encryption has been disruptive and there has been a performance trade-off," Murphy told Techworld. "This has been unacceptable for companies until now."
"We have brought out a product that encrypts at line rate speed," he added. "We believe that the combination of the removal of the performance hit, and the removal of disruptive hit, will make it easier for businesses to choose, especially for companies having to comply with new rules. We are seeing more and more opportunities at the moment."
Murphy also feels that another reason why companies have been hesitant going down the encryption road is in balancing the risk, in that there is no tangible ROI to show the Financial Director when deploying encryption as it is often compared to having an insurance policy (you only realise ROI when you claim).
"It is almost like an inverted equation," Murphy said. "So it has been a tough sell for the IT manager. But compliance issues will kick in here. You would think encryption would get shelved in this climate. But it is going to be mandatory and companies are not going to have choice. That is why we seeing this market growing in the next few years."
Despite the high level of security breaches, the Brocade survey also found an overwhelming majority of IT managers remained confident in their safeguards. 97 percent of respondents considered their data to be very secure or secure.
"I was kinda surprised by that stat as well," admitted Murphy. "I think it is a question of over confidence. It could be people only considering their internal policy, access to the physical data centre etc. Maybe they don't realise that they migrate large amounts of data over the cloud. I believe it would be surprise for them if a guru/expert came in and did an assessment service as it would likely expose security loopholes."