Do you really know who has access to your sensitive company data? A new survey from Venafi suggests that many workers believe it is the IT department that can most easily access a company’s most valuable information, ahead of C-level executives.

The survey of over 500 IT professionals found that 65% believe it is the IT department that has the easiest access, way ahead of the CEO on 30%. Management (8%), HR (7%) and legal (5%) were also on the list.

The survey also shone a light on just how reliant some companies are on a small number of people to access their all-important data. If the person in charge of managing an organisation’s encryption keys were to leave, 23% said they would worry about whether they would be able to access and decrypt the data.

This follows on from a previous Venafi survey which revealed that 40% of IT admins admitted they’d be able to hold a company to ransom by withholding or hiding encryption keys. "Could" is of course very different to "would" but the possibility is there, and that should be enough to worry many businesses.

What may be more worrying for the security industry – and specifically those vendors that deal with encryption – is that 24% of respondents said they were holding back on using encryption technology because of fears over losing encryption keys.

"Encryption management has become a big issue for companies worldwide," said Jeff Hudson, Venafi CEO. "Encryption is the last line of defence in protecting data against loss or compromise. Companies are finding out how important encryption is when they have experienced a huge data breach because they weren’t using encryption."

"Then they find out that when they deploy encryption they have another big problem and that is managing the encryption keys," Hudson added. "Encryption is only half the solution – you need to know where the keys are and they find that the only way to manage the keys is with an automated certificate and key management system. Once the data’s protected with encryption, the key becomes the data and the thing that must be managed and protected."