Fahmida Y. Rashid recently wrote an article in eweek about the average cost of a data breach rising to $7.2M according to a study by the Ponemon Institute. We’ve already seen the Ponemon report but a few sections of Fahmida’s article pertaining to the use of encryption caught my attention:

“…the most common threat still comes from negligent employees. The number of breaches caused by negligence, such as not securing data properly, increased slightly to 41 percent, and averaged $196 per record, the survey said.”

We’ve blogged before about the use of automated security controls to help prevent SharePoint security breaches that result from “stupid human tricks.” The quote above demonstrates that this business risk is real. Fahmida goes on to say…

“While 63 percent of the respondents mentioned training, implementing encryption mechanisms was the second most popular data-breach remedy, at 61 percent, the report found. Both encryption and data loss prevention implementations have increased 17 percent since 2008.”

”Encrypting data minimizes the impact of lost or stolen data because thieves or unauthorized users can’t easily get access to the sensitive information.”

Applying this thinking to SharePoint, encryption of content in SharePoint sites can be used to both remedy and help prevent a breach. In addition, the existence of encryption controls can minimize the impact of security breaches…many of the state data breach laws in the US exempt organizations that lose personal data from notifying affected individuals if the data was encrypted.

Security is a function of time and resources and the bad guys always have more of both. That doesn’t mean organizations must throw up their hands and surrender. You have to exercise due diligence, and the deployment of encryption controls to secure and protect SharePoint content is an expected part of due diligence efforts.

Mike