Now in its 11th year, our Global Encryption Trends report has once again delivered its annual assessment of encryption use across the world.
Certainly, the high-profile data breaches of the past few years have given businesses a scare. Many more are starting to see that an encryption strategy is important to their business. In fact, the number of organizations implementing a robust encryption strategy is on the rise – with over a third (37%) stating they now have an encryption strategy in place compared with less than one in five (15%) a decade ago.
First things first, businesses need to understand what their sensitive data is, and where it resides. The second part is a much trickier proposition as data continues to proliferate to the cloud, to new devices, and to new platforms in the name of speed and convenience. Over half of respondents (57%) noted that discovering where sensitive data resides in their organization is their most difficult encryption deployment challenge. Keeping secrets is expensive, and businesses should avoid trying to boil the ocean by enforcing the same level of protection to the ‘crown jewels’ as they do the mundane, everyday data. At the same time, they should avoid the false sense of security that can come from encrypting data in one location, and leaving the same data unprotected in others.
For the second year running, employee and HR data is reported as the most likely data to be encrypted (62%), with payment related data (55%) and intellectual property (49%) close behind. Organizations are seemingly becoming more sensitive to protecting the personal information of their employees, and also experiencing the dynamics of new internal drivers for data protection solutions.
While the threat of an outsider gaining access to a businesses’ data is a big enough fear on its own, organizations must also worry about risks from the inside – and not necessarily just malicious insiders. Interestingly, decision makers in our study rated employee mistakes as the most significant threat to sensitive data. Robust access control policies that use encryption, strong authentication, and multi-person controls in a layered fashion are best positioned to help prevent, or at least significantly reduce, inadvertent disclosures.
While IT departments are clearly concerned about the potential for employee mistakes or misconduct leading to a data breach or vulnerability, the cloud also represents a growing security challenge. Our research found that more than half of respondents (56%) are currently transferring sensitive or confidential data to the cloud whether it is encrypted (or similarly protected) or not – and this will rise to a total of 84% in the next two years. Clearly, for many, the benefits of cloud computing outpace the risks of sensitive data disclosure.
Overall, our study has indicated there is certainly a greater awareness of the importance of data protection, with high profile hacks certainly putting cyber security at the very top of every CIO’s agenda. However, awareness is just the first step towards safeguarding sensitive or confidential information. Once you know the information that needs protecting – and where it is located – placing well-implemented encryption, with strong key management, at the heart of your security strategy will help keep sensitive data safe.
Click here to read the report in full