Our Global Encryption and Key Management Trends report is now in its tenth year, providing an annual ‘pulse check’ on how enterprises approach and deploy encryption techniques. The picture across the board is clear – use of encryption is growing across all industries. There can be no doubt that the series of mega breaches and cyber-attacks over the course of the last year has increased companies’ urgency to improve their security posture. Perhaps unsurprisingly, this is particularly true in healthcare and retail, which show the greatest leap since last year in adoption of this technology. Names such as Home Depot, Target, and Anthem will not be easily forgotten.
Two key areas emerge when considering the biggest barriers to effective execution of a data encryption strategy. First and foremost, for 56% of respondents, the primary challenge is discovering where sensitive data resides in the organisation. This is ironic, as this is the very problem that encryption is designed to mitigate, desensitising ‘toxic’ data as it flows, unbidden and untracked, around an organisation. A further 34% highlight the difficulties associated with classifying which data to encrypt. This is a crucial piece of the puzzle – different data types require different levels of protection. Keeping secrets is expensive, and businesses should avoid trying to boil the ocean by according the same level of protection to mundane, everyday data as they do to the ‘crown jewels’.
The second is key management. Although this is not a new problem – and has been successfully addressed in heavily regulated industries such as payment processing – industries whose adoption of encryption is less mature are feeling the pinch. On a 10-point scale, 56% of survey respondents rate the overall “pain” associated with managing keys or certificates within their organisation as a seven or above, and 33% rate the pain as 9 or above out of 10.
We can track this pain back to three major sources – no clear ownership (58%), isolated and fragmented systems (50%), and a lack of skilled personnel (47%). These issues are all interlinked, and reflect the tactical approach to encryption that we see in many enterprises. 67% of respondents admitted that encryption is driven by individual requirements, rather than with a strategic goal in mind (just 33% of respondents). Looking deeper into the data, we see an overwhelming and worrying reliance on manual processes, whether spreadsheets or paper-based, to manage keys.
It is clear from this research that encryption and key management are universal issues – employee and HR data is reported as most likely to be encrypted (61% of respondents). This is clearly no longer the preserve of financial services companies and Government – sensitive, and often regulated, data runs through businesses of all types. A universal issue with a universal challenge – understand your data, what it is worth, and how it should be protected. Encrypt what you care about – your lock is only as strong as your key.
By Richard Moulds, VP Strategy, Thales e-Security
About Thales e-Security
Thales e-Security is a leading global provider of data protection solutions with more than 40 years’ experience securing the world’s most sensitive information. Our customers (businesses, governments, and technology vendors with a broad range of challenges) use Thales products and services to improve the security of applications that rely on encryption and digital signatures. By protecting the confidentiality, integrity, and availability of sensitive information that flows through today’s traditional, virtualized, and cloud-based infrastructures, Thales is helping organizations reduce risk, demonstrate compliance, enhance agility, and pursue strategic goals with greater confidence.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.