tashka2000 - Fotolia
Enterprise adoption of encryption accelerating, study shows
Cloud adoption and escalating threats are accelerating adoption of encryption, a study has revealed
Enterprises adoption of encryption strategies is accelerating, with 41% of those polled saying their organisations have an encryption strategy applied consistently across the enterprise.
For the first time in 12 years, business unit leaders have a higher influence over encryption strategy than IT operations, according to the 2017 Global encryption trends study by the Ponemon Institute. The influence lines of business have on encryption strategy has risen from 10% in 2005 to 30% in 2016.
The Ponemon Institute surveyed more than 5,000 people across multiple industry sectors in the UK, US, Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, Saudi Arabia and the United Arab Emirates.
The biggest driver encryption is compliance (55%), followed closely by protecting enterprise intellectual property (51%), customer information protection (49%) and protection from external threats (49%).
Another key finding of the study commissioned by Thales e-Security is that organisations continue to show a preference for control over encryption and key management when those activities migrate to the cloud.
Just over two thirds of respondents said they either perform encryption on premise prior to sending data to the cloud, or encrypt in the cloud using keys they generate and manage on premises, while 37% said their organisations turn over complete control of keys and encryption processes to cloud providers.
Nearly a third of respondents are using or planning to use hardware security modules (HSMs) with bring your own key (BYOK) deployments, with 20% saying the same for cloud access security broker (CASB) deployments.
Overall, usage of HSMs with CASBs is expected to double in the next 12 months from 12% to 24%. Use of HSMs is at is at its highest level at 38% of respondents, with 48% of those owning and operating HSMs on-premise in support of cloud-based applications.
Read more about encryption
- Nearly a quarter of security pros are blind to encrypted threats.
- The security industry has welcomed the announcement that messaging platform WhatsApp is enabling full end-to-end encryption by default.
- A coalition of top cryptologists and several large technology firms, including Apple and Google, have sent a letter urging the US government to preserve strong encryption.
- More organisations are planning to deploy encryption in response to geopolitical changes, but confidence in organisations’ ability to secure and protect encryption is low, a survey shows.
“The accelerated growth of encryption strategies in business underscores the proliferation of mega breaches and cyber attacks, as well as the need to protect a broadening range of sensitive data types,” said Larry Ponemon, chairman and founder of The Ponemon Institute.
“Simply put, the stakes are too high for organisations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy. Encryption and key management continue to play critical roles in these strategies.”
John Grimm, senior director at Thales e-Security, said the 2017 findings of the study align with key trends demonstrating an increased reliance on the cloud, ever-evolving internal and external threats, and new data sources mandating stronger protection.
“The survey further reinforces that cloud key management offerings are more important than ever – and business-leader involvement is crucial to a sound security strategy,” he said.
In line with these trends and customers’ need for strong and flexible safeguards in the cloud, Grimm said Thales has recently announced integrations with AWS, Google, Microsoft and Salesforce cloud platforms.
“Our support encompasses BYOK, key management as a service (KMaaS) and RESTful API examples, with additional collaborations on the way,” he said.
