Sign in with
Sign up | Sign in

The Last Word

Why Drive-Based Encryption Is Safest and Best
By
Brought to you by What's this

7.2 million dollars.

According to the Ponemon Institute’s 2010 Annual Study: U.S. Cost of a Data Breach, that’s the average that an enterprise can expect to shell out as the result of a data loss. That works out to $214 per compromised record, up 22% just since 2009. Where malicious or criminal acts were involved, the number leaped to $318 per record.

“There’s the cost of doing all the customer management and crisis management after the fact,” says Seagate’s Teresa Worth. “That’s where the majority of the expenses come from. People are having to rush faster and faster to contain the situation, and that speed costs money. On top of that, there’s lost revenue, loss of customer confidence, and who knows how many potential compliance fines.”

If for no other reason, compliance will push every enterprise and SMB in a regulated industry into adopting some form of encryption solution. The classic example is a lost laptop that contains confidential client data. It seems that every month another example of this splashes across the news. Regulations require that the organization that lost the data notify the affected clients, which inevitably turns into a massive PR and customer relations disaster. However, if the company can prove that the laptop drive’s contents were encrypted, and thus there was no chance of that data being viewed and abused, then the business has “safe harbor” and doesn’t have to notify any customers.

“And maybe more importantly, you get to save the 7 million dollars, as well,” quips Seagate’s Monty Forehand. “Well, I don't know which one is more important—the money or the reputation hit. But people tend to identify with the money, even though losing enough customers can put you out of business just as quick.”

Some companies feel that trusting their data to a cloud provider offers instant protection. Unfortunately, this is not the case. Recall those 50,000 drives shipping from data centers on a daily basis. Businesses often have little choice but to take cloud services providers at their word and trust that they are encrypting all client data—if, in fact, the provider specifies this at all. If so, who at the provider has access to the encryption keys? Such questions must be answered before a level of comfort can be established.

The reality is that encryption belongs everywhere: on the desktop, in servers, and in the data center. The more important the data, the stronger the encryption solution should be. No approach available today is more secure, simpler, or cost-effective than self-encrypting drives.

Ponemon’s 2010 study indicates that 61% of businesses that suffer a data breach subsequently turn to encryption in the hope of preventing future losses. No doubt, most of these wish they’d had already acted on the idea before it was too late.