security While large organizations are implementing encryption technology for laptops, tape backup and networks, the vast majority have not added encryption capabilities on their enterprise storage systems. Since most big storage systems reside in the data center, CISOs believe that existing physical and electronic security safeguards provide adequate protection given the risks.Okay but what about data destruction. Today most firms employ physical or electronic processes to destroy the data resident on disk drives before sending them off-site for retirement or maintenance. If all disk drives were encrypted, you could simply delete the encryption key associated with a particular drive and voila, all the data becomes unreadable. This could automate the whole data destruction process and thus save large organizations lots of time and money.ESG agrees that this is true in theory but users don’t seem to have a big enough problem with data destruction to render key deletion the “killer app” for encrypting storage. In a recent ESG Research survey, only 15% of large organizations (i.e. 1,000 employees or more) claim that data destruction processes require a “significant” amount of finanacial and operational resources (while 42% said that data destruction processes require a “marginal” amount of finanacial and operational resources and 27% said that data destruction processes require a “minimal” amount of finanacial and operational resources). You can download an ESG Research Brief with more detail at: http://www.enterprisestrategygroup.com/ViewSecureDocument.asp?ReportField=ReportBodyAttachment&ReportID=1229&ReportType=Brief.In the future, disk encryption will probably become mainstream but this will happen as a result of supply side economics rather than demand side requirements. In other words, when disk drives come standard with encryption capabilities at little to no extra cost, users will deploy this technology as part of a layered defense. Until then storage encryption will remain a small niche in the enterprise market. Related content analysis 5 things security pros want from XDR platforms New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform. By Jon Oltsik Jul 07, 2022 3 mins Intrusion Detection Software Incident Response opinion Bye-bye best-of-breed? ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process. By Jon Oltsik Jun 14, 2022 4 mins Security Software opinion SOC modernization: 8 key considerations Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole. By Jon Oltsik Apr 27, 2022 6 mins RSA Conference Security Operations Center opinion 5 ways to improve security hygiene and posture management Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies. By Jon Oltsik Apr 05, 2022 4 mins Security Practices Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe