Some 40% of IT security professionals admit they could hold their employers hostage even after they'd left for other employment, a survey conducted at Infosecurity Europe 2011 has revealed.
The IT security professionals surveyed said they could still could cause havoc with their knowledge of the encryption keys, shared passwords and weak controls. They said they would still have access to vital information and could manipulate it to their own ends remotely.
A third of respondents said their knowledge of and access to encryption keys and certificates for system authentication and data protection means they could bring the company to a halt, according to the survey by enterprise key and certificate management firm Venafi.
Finally, 24% of respondents admitted their fear of losing control over encryption keys is what deters them from investing in encryption key and certificate solutions to protect digital assets and secure sensitive system communications.
The survey shows that 82% of companies now use digital certificates and encryption keys. However, 43% admit to being locked out from their own information because people have left the organisation or keys are lost.
Some 76% said they would use automation if they knew it existed, and the same companies said they were unaware of how to manage their keys and certificates, leaving them exposed to unplanned system outages, security risks and reduced access to critical data.
"It's a shame that so many people have been sold encryption but not the means or knowledge to manage it," says Jeff Hudson, chief executive officer at Venafi.
Many have found they need an automated system to manage thousands of keys and certificates only when they have been locked out from their own information, he said.
Once the data is protected with encryption, the key becomes the data and the thing that must be managed and protected, says Hudson.
"Key Encryption is only half the solution. IT departments must track where the keys are and monitor and manage who has access to them," he says.
The survey reveals that organisations need to come to terms with how crucial encryption keys are to safeguarding the entire enterprise, says Hudson.