Thales, an information systems security firm, has published its latest 2013 Global Encryption Trends Study. The report, based on research by the Ponemon Institute and sponsored by Thales, suggests that use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still challenges in executing data encryption policy.
More than 4,800 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan, Brazil and for the first time Russia, examining global encryption trends and regional differences in encryption usage. Results from the Russian survey showed adoption of encryption in the region to be very much in line with the rest of the countries surveyed. The report is now in its ninth year since its launch in 2005.
The results of the study show there has been a steady increase in the deployment of encryption solutions used by organizations over the past nine years, with 35 per cent of organizations now having an encryption strategy applied consistently across the entire enterprise compared with 29pc last year. The survey also indicated that only 14pc of organizations surveyed do not have any encryption strategy compared with 22pc last year.
For the first time the primary driver for deploying encryption in most organizations is to lessen the impact of data breaches, whereas in previous years the primary concern was protecting the organization’s brand or reputation. Of those that believe they have an obligation to disclose data breaches nearly half believe that encrypting their data provides a safe harbour that avoids the need to disclose that the actual breach occurred. The fastest growing reason as to why organizations are deploying encryption is to ensure they meet their commitments to their customers’ privacy with 42pc of organizations focussing on their customer’s interests rather than for their own benefit, which has increased by 5pc compared with last year.
The number one perceived threat to the exposure of sensitive or confidential data remains employee mistakes, according to 27pc of respondents. When employee mistakes are combined with accidental system or process malfunctions, concerns over inadvertent exposure outweigh concerns over actual malicious attacks by more than two to one. Furthermore, forced disclosures triggered by e-discovery requests now represent the second highest perceived threat to the loss of sensitive data.
When asked about where encryption is used, organizations ranked backup tapes and databases as most important followed by network encryption and laptop encryption. Cloud encryption had a relatively low ranking compared with other encryption use cases ranking outside the top ten.
Dr Larry Ponemon, chairman and founder of The Ponemon Institute, says: “Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption. For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems.”
And Richard Moulds, vice president strategy at Thales e-Security says: “Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue. The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions. Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness.”
Download a copy of the new Global Encryption Trends Study at: http://www.thales-esecurity.com/cpn/global-encryption-trends-study
