“It’s a shame that so many people have been sold encryption but not the means or knowledge to manage it,” said Jeff Hudson, CEO of Venafi, in a statement. “IT departments must track where the keys are and monitor and manage who has access to them. ... It’s no longer rocket science. Yet recent, costly breaches at Sony, Epsilon and elsewhere reinforce the need for both more encryption and effective management.”
31% of respondents astonishingly said that they could still access organisational data because they could easily retain the encryption keys when they left and access the information remotely. Finally, 24% of respondents to the survey admitted that their fear of losing encryption keys is what is deterring them from investing in encryption key and certificate solutions to protect digital assets and secure sensitive system communications.
On the public side, the city/county of San Francisco knows the perils of employees holding passwords hostage all too well. Last year Terry Childs, a former city network engineer, was found guilty of felony computer tampering for withholding passwords to the city's main computer network in 2008. Last week a superior court judge ordered Childs to pay $1.5 million in restitution to San Francisco.
Childs refused to hand over the passwords to the FiberWAN network, which handles computer traffic for about 60 percent of the city's departments, to his supervisors and to police.