The use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in managing key across what are the mostly fragmented and tactical deployments of encryption technologies, say the result of Thales’ 2015 Global Encryption and Key Management Trends Study, revealed at RSA Conference 2015.
More than 4,700 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan, Brazil, Russia and for the first time India and Mexico, examining global encryption trends and regional differences in encryption usage.
- Use of encryption continues to rise with 34% of respondents reporting that their organization uses encryption extensively
- Deployment of encryption is steadily shifting from a tactical to a strategic activity with 36% of organizations having an enterprise wide encryption strategy
- The top three reasons for deploying encryption are compliance with data protection mandates, to address specific security threats and to reduce the scope of compliance audits
- The use of encryption had a dramatic effect on the perceived requirement to notify those effected in the event of a data breach with nearly half of respondents believing that the use of encryption removed the need to disclose a breach
- The number one perceived threat to sensitive data is employee mistakes rather than external attack
- Despite cloud and big data getting all the hype, these are the least likely areas to use encryption – whereas backend storage, archives and databases are the most likely
- The biggest challenge faced by organizations executing a data encryption policy was in discovering where within their networks their sensitive data actually resides
- Key management is identified as a major pain point by more than half of respondents
- The primary reasons why key management is so painful are lack of corporate ownership, fragmented systems and inadequate tools
- More than half of respondents view hardware security modules (HSMs) as an important part of a key management strategy.
“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption,” commented Dr Larry Ponemon, chairman and founder of The Ponemon Institute.
“In this study we drilled down into the issue of key management and found it continues to be a huge operational challenge. What is clear is that many organizations lack formal ownership and accountability when it comes to key management which is very concerning when you consider the value of the data being protected and operational implications of losing or mismanaging keys.”