Security and IT professionals in the Middle East are demonstrating a rising desire to secure critical applications and data, driving higher encryption adoption for newer use cases like containers and IoT platforms, as well as for email and private cloud infrastructures.
This and other findings are highlighted in the Entrust study, a multinational survey by the Ponemon Institute. The study reports on the cybersecurity challenges organizations face today, and how and why organizations deploy encryption.
Encryption adoption for private cloud infrastructure is up
According to respondents from the region, the most important feature associated with encryption solutions is support for cloud and on-premises deployment. The adoption of encryption for private cloud infrastructure is up 8% over the past two years and Bring Your Own Key (BYOK) management support was cited an important feature of cloud encryption solutions by 42% (vs. 34% globally), making this the 4th straight year that this was above the global average.
When it comes to what’s driving data encryption in the Middle East, the top priorities are to protect customer personal information (59% of respondents vs. 54% globally) and intellectual property (57% vs. 49% globally).
The fastest growing drivers are limiting liability from breaches or inadvertent disclosure (47% up from 39% last year) and to comply with external privacy or data security regulations and requirements (39%, up 11% over the past 2 years).
Unfortunately, while encryption is the foundation of data protection, just 29% of Middle East companies surveyed indicate that they have a consistently applied encryption plan/strategy – well below this year’s global average of 50%. At the same time, 59% of these organizations report that they have experienced a data breach, the 2nd highest rate worldwide and well ahead of the global average of 44%.
The growing role of hardware security modules
Across the Middle East, 68% of organizations surveyed use Hardware Security Modules (HSMs), one of the highest adoption rates across all regions surveyed. Furthermore, the highest use case where HSMs are used is Application-level encryption (47%) and organizations in the Middle East use HSMs more than any other region for IoT root of trust (30% vs. 21% globally).
Additionally, the fastest-growing use cases are document signing at 21% (up 16% over the past three years) and Cloud Access Security Brokers (CASBs) for encryption key management at 32% (up 9% over the same period).
Looking to the future, respondent organizations anticipate greater use of HSMs over the next 12 months. This uptake covers a range of use cases, primarily key management root of trust which is expected to increase from 16% to 31% over that time. Other priorities include code signing, increasing from 25% to 33%, protecting administrative access to PAM solutions (34% to 40%) and Secrets Management solutions to protect secrets storage expected to increase from 30% to 36%.
“As organizations in the Middle East increase their use of the cloud, it’s clear that they prefer encryption solutions that support cloud deployments and want to control the keys that are used for data at rest encryption in the cloud. While it’s encouraging to see these specific uses cases being adopted, more needs to be done to encourage enterprise-wide encryption strategies, especially as a majority of respondent organizations have experienced a data breach,” said Philip Schreiber, Regional Sales Director-Data Protection Solutions, for Entrust.
“A holistic encryption approach can help organizations limit liability from breaches or inadvertent disclosure and help to comply with data privacy regulations while they focus on protecting financial records and payments-related data from the risks of hackers and temporary or contract workers. The region continues to have one of the highest HSM adoption rates, demonstrating a desire for greater control over critical applications and data and security professionals view HSMs as becoming more important, particularly for use cases like key management root of trust, code signing and for use with privileged access and secrets management solutions.”