Survey Finds Data Breach Vector Remains Wide Open Thanks to Traffic Encryption Challenges

PITTSBURGH – December 15, 2014 – Most enterprises are forced to use a fractured mess of systems to encrypt and protect sensitive data traffic, according to a new survey of IT managers conducted by Spiceworks, casting light on a leading attack vector used in recent high-profile data breaches.

Poor security of networked applications and inadequate network segmentation have been cited as chief security issues behind some of the world’s biggest data breaches and other hack attacks in 2014.

Commissioned by security solution vendor Certes Networks, the global November 2014 survey revealed that many enterprises must utilize two, three, four or more forms of VPNs, network-based encryption, and application-layer encryption to secure sensitive data traffic on their networks.

“This extreme traffic security fragmentation creates ‘Crypto Chaos,’ making it very difficult to ensure that traffic is properly secured from end-to-end,” said Adam Boone, CMO of Certes. “The stark reality is that 2014 was ‘The Year of the Breach’ in part because many enterprises still lack adequate tools to fully protect their most sensitive data communications. Until this problem is solved, we can expect to see hackers exploiting poor data communications security for huge financial gain at the expense of enterprises.”

The financial toll of data breaches has spiked into the billions of dollars in cleanup expenses, fraud response costs, lost market valuation, reputation damage, lawsuits, and related expenses. The Spiceworks survey focused on the challenges faced by IT managers as they try to protect sensitive corporate data communications carrying credit card information, financial transactions, medical records, proprietary and secret information, and other sensitive data.

More than 75 percent of responding enterprises use at least two methods of data traffic encryption and one-third use three or more. The IT managers also cited network segmentation and protection of networked applications as challenges.

More than 50 percent of the managers said they are prevented from using strong encryption to provide better network segmentation and isolate sensitive applications. The top reasons given were management difficulties and the major performance hit on firewalls, routers and switches when they are used to encrypt traffic.

Among the surveys findings:

  • Two-thirds of companies allow employees to access corporate data and applications on personal devices such as smartphones and tablets, but a wide variety of techniques and tools are used to encrypt the traffic to these devices, further underscoring the encryption fragmentation issue.
  • 69 percent of companies allow employees to access corporate applications via the Internet, but it’s not clear who’s really entrusted with encrypting that traffic, the application maker or the IT department.
  • One-third of companies continue to have security and compliance concerns about moving workloads to the Cloud.

Many IT managers also reported that projects for improving network security are on the way. More than half indicated that network security improvements are planned for 2015 and nearly a quarter named network security as a top IT priority in the coming year. In total, two-thirds of respondents reported they are budgeting such projects.

Learn more about the Spiceworks study, and how Certes’ CryptoFlow Solutions are helping enterprises lock down their most critical data by downloading the free report.

About Certes Networks

Certes Networks protects data in motion with market-leading software-defined security solutions. The company’s award-winning CryptoFlow® Solutions safeguard application traffic in physical, virtual and Cloud environments, enabling secure connectivity over any infrastructure without compromising network device or application performance. Companies around the world rely on security solutions from Certes Networks to protect access, accelerate application deployment, simplify network projects, reduce compliance costs, and improve the return on investment in IT infrastructure. For more information, visit