What will the year 2013 be remembered for? Once twerking and selfies have long been forgotten, the Edward Snowden leaks that began to be revealed to the general public from June 2013 onwards are likely to be etched into the public consciousness for years to come.
So what will the legacy of 2014 be? Do the claims of widespread surveillance mean that we are witnessing the end of anonymity? Or will nation states make a conscious effort to ensure that they strike a balance between security and the desire for privacy? Or, taking a more practical approach, in a recent BBC article suggested that 2014 would be the year of encryption.
I would agree that this might well be the year of encryption – but hang on, didn’t Snowden claim that encryption was broken? Actually no, although some news reports implied that to be the case, in an actual Q&A with the Guardian, Snowden was asked whether data can be protected by encryption. He replied: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Other commentators have agreed and said that vulnerabilities with encryption arise from poor or outdated implementations rather than a fundamental flaw in any of the currently recommended algorithms.
These concerns coupled with a rash of data breach in the retail sector make it very timely that our latest Global Encryption Trends Study has just been released. Now in its ninth year, the report reveals how deployment of encryption across the enterprise is on the increase, what’s driving its adoption, what approach organizations take and what deployment challenges they face. Our study indeed reveals that inadvertent exposure is a bigger concern than malicious attacks. Concerns over employee mistakes, forced disclosure from e-discovery requests and systems malfunctions outweigh concern over attacks by more than 2 to 1!
This year we surveyed more than 4,800 business and IT managers from the UK, US, France, Germany, Japan, Brazil, Australia, and for the first time Russia. Two key facts to emerge from this year’s report are that the use of encryption is very closely correlated to overall security posture with the most security aware organizations being more than twice as likely to have an enterprise-wide encryption strategy than those with a lower security posture. The second is that key management has been identified as a major pain point by more than half of those companies surveyed.
Key management is a barrier to the adoption of encryption for some businesses but it doesn’t have to be as fiendishly complex as it once was. Good key management is far from a new issue and one absolutely vital to get right if enterprise data is to be secured. General enterprise would do well to take a leaf out of the payments industry’s book, where best practices have evolved on key management that can well be applied to other verticals.
Do download our Global Encryption Trends report. It illustrates national differences in response to encryption that are all too relevant in our post-Snowden world.