Thales announces the publication of its latest Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that encryption continues to be viewed as a strategic issue and that organizations are increasing their investment in encryption across the enterprise in response to compliance regulations and cyber-attacks.
More than 4,000 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan and Brazil, examining global encryption trends and regional differences in encryption usage. The report is now in its eighth year since its launch in 2005.
There has been a steady increase in the deployment of encryption solutions used by organizations over the past eight years. The percentage of overall IT security spending dedicated to encryption has also increased, almost doubling from 10% to 18%, demonstrating that organizations are prioritizing encryption over other security technologies.
Encryption continues to be viewed as a strategic issue with business leaders rather than IT or security professionals gaining greater influence over their organization’s encryption strategy. For the first time business managers in the US became the most influential group, demonstrating that encryption is no longer seen as just an IT issue but one that affects an entire organization – unlike most other security technologies.
Perceptions about the most significant threats to the exposure of sensitive or confidential data are employee mistakes, forced disclosures triggered by e-discovery requests and system or process malfunctions. Combined, these concerns over inadvertent exposure outweigh concerns over actual attacks (hackers and malicious insiders) by more than 2:1.
The top data protection priorities focus on identity and access management, data discovery, protecting data in use within business applications and protecting data in outsourced or cloud environments. Protecting data in cloud environments rose to 4th from 12th ranking compared with last year’s survey.
When it comes down to buying criteria performance is always the top concern, but the next largest issues are all about key management with 38% of respondents saying they have a formal key management strategy and that figure is expected to grow. To support that strategy, the relatively new Key Management Interoperability Protocol (KMIP) standard that allows organizations to deploy centralized key management systems that span multiple use cases and equipment vendors, has already established a relatively high level of awareness among IT and IT security practitioners. KMIP is perceived to be of increasing importance and is expected to contribute most in the encryption and key management strategies focussed on cloud, storage and application-centric deployments.
Hardware security modules (HSMs) are increasingly considered an important component of a key management strategy. These devices are used to protect critical data processing activities and can be used to strongly enforce security polices and access controls.