Thales Blog

Data Privacy: Lessons Learned From Recent Research

January 28, 2016

As we have seen in just the past couple of days, sensitive data - from credit card information to Personal Identifiable Information - is continually being lost or stolen. Data Privacy Day is raising awareness on the need to secure sensitive data even as organizations struggle to secure sensitive data properly and implement data protection technologies to mitigate data loss.

The most successfully way to protect sensitive data is through encryption and proper key management. Encrypted data is worthless to anyone without the keys to unencrypt the data and by properly safeguarding the cryptographic keys the data won’t be compromised.

Over the last year, we have done a number of survey’s on data encryption and PKI, an in honor of Data Privacy Day, I thought it would be useful to summarize some of the most important points.


  • The biggest challenge faced by organizations executing a data encryption policy was in discovering where within their networks their sensitive data actually resides. This is obviously a problem, since you can’t protect what you can’t see.
  • The top three reasons for deploying encryption are compliance with data protection mandates, to address specific security threats and to reduce the scope of compliance audits. While it’s important to maintain compliance, it is also important to remember that compliance represents a minimum security standard; more can and should be done.
  • The use of encryption had a dramatic effect on the perceived requirement to notify those affected in the event of a data breach, with nearly half of respondents to a Ponemon survey believing that the use of encryption removed the need to disclose a breach.
  • More than half of respondents view hardware security modules (HSMs) as an important part of a key management strategy. HSMs are purpose-built, highly secure appliances or stand-alone processors that implement trusted encryption functions.


  • Cloud-based services are the most significant driver for PKI-based application adoption.
  • However, 63 percent of respondents to our Global Encryption Trends survey said that the most significant challenge organizations face around PKI is the inability of their existing PKIs to support new applications.
  • Only 11 percent of respondents say there is accountability and responsibility for PKI and the applications that rely upon it.
  • A large percentage of respondents said they had no revocation techniques.
  • The top three places where HSMs are deployed to secure PKIs are issuing certificate authorities together with offline and online root certificate authorities.

These trends—good, bad and ugly—speak to an inconsistent observance of best practices and lack of clarity regarding ownership and responsibility for critical security processes. As data thieves continue their assault from all quarters, protecting data means proper key management and the use of hardware-based security. Protecting data in these ways creates a foundation of trust for your customers, increases brand value and reduces organizational risk, helping to create true data privacy both now and looking forward into the future.