Encryption critical to improved security posture

Encryption is finally seen as a strategic issue and organizations are increasing their investment in encryption across the enterprise in response to compliance regulations and cyber-attacks, says Thales.

In its 2011 Global Encryption Trends Study more than 4,000 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan and Brazil. This year’s study looked at more territories than in any previous year since its launch in 2005 when it was the first to examine regional differences in encryption usage.

Germany, the US and Japan show the greatest use of encryption. However, what is clear is that encryption is growing in importance in all the countries, with companies increasingly deploying encryption as part of an overall data protection strategy.

In 2005 only 15% of organizations surveyed had an encryption strategy, today for the first time there are more organizations with an encryption strategy than without.

Encryption is now viewed as a strategic issue with business leaders gaining greater influence over their organization’s encryption strategy. The study shows that the CIO, CTO or IT leader still tends to be the most important figure in deciding encryption strategy (39% of respondents), but non-IT business managers have an increasing role in determining that strategy (more than doubling since 2005 to 21% of respondents), demonstrating that encryption is no longer seen as just an IT issue but one that affects an entire organization.

The main drivers for deploying encryption solutions are to protect brand reputation (45%) and lessen the impact of data breaches (40%).

Compliance is also a major driver for using encryption with 39% of respondents saying it is to comply with privacy or data security regulations and requirements. Compliance is in fact the number one driver for using encryption in the US, UK and France.

Respondents considered key management issues to be amongst the most important features of encryption technology, in particular the use of automated and centralized key management.

Most interestingly, half of respondents believed that investments in key management had the potential to reduce operational costs within their organization.

The significance of key management was further illustrated when respondents were asked about the relative importance of various best practices or “standards of due care” when deploying encryption with 5 out the top 7 being explicitly focused on key management issues.