Businesses have learned that perimeter security is no longer enough to protect critical data, and many are now touting the benefits of encrypting the data held in storage and backup systems. Driven largely by the awareness of security breaches, lawmakers, credit card issuers, and consumers themselves are holding organizations accountable for the protection of personal data. Today, businesses that suffer a security breach in which customer data is lost or stolen face widespread negative publicity, lost business, lawsuits, and fines that can threaten their viability. Although it's easy to immediately think that the storage or backup systems were compromised, it's important to note that, in an analysis of 45 of the reported incidents of data theft that occurred in the first half of 2005, only a small percentage were due to theft or loss of backup tapes. Far more prevalent were incidents in which insiders or outside attackers gained access to sensitive information through application-level attacks — attacks storage-level encryption wouldn't have prevented. This is why it is important for businesses to encrypt data at the Web, application, or database layer. Encrypting data as it enters the business, rather than having it stay in a readable state while it is used in various applications throughout the network, protects that data from both internal and external threats.
Read full abstract