Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Ponemon Auditors' Survey Reveals Poor Opinion Of Security Programs: Page 2 of 2

The survey also addressed how auditors regard the role of encryption in security and compliance. Seven of 10 auditors said that information assets cannot be fully protected without the use of encryption.

Desktops and mobile devices topped the list (71 percent) of areas in which encryption is most important in protecting information, followed closely, in order, by encryption over public networks and databases. Encryption is the protection technology of choice over data masking, tokenization and truncation in four key areas: databases, applications outside the database, storage and data at point of capture.

Tokenization--which is an increasingly popular alternative for Payment Card Industry Data Security Standard (PCI DSS) compliance, in particular--was close (37 percent) to encryption (43 percent) in point of capture protection. Key management was cited as a challenge for encryption programs, particularly the administration of keys, followed by protecting them in storage.

Two-thirds of the auditors said that the use of hardware security modules (HSMs) for encryption and key management reduces the time spent on demonstrating compliance. Just under half the auditors said that they most frequently recommend the use of HSM over software, while a third said they recommend HSM but allow software-based encryption and key management. The balance said they most frequently recommend software.

See more on this topic by subscribing to Network Computing Pro Reports Virtualization Security (subscription required).