Our Global Encryption and Key Management Trends report is now in its tenth year, providing an annual ‘pulse check’ on how enterprises are approaching and deploying encryption. The picture across the board is clear – use of encryption is growing across all industries. There can be no doubt that the series of mega breaches and cyber-attacks over the course of the last year have increased companies’ urgency to improve their security posture. Perhaps unsurprisingly, this is particularly true in healthcare and retail which show the greatest leap since last year in adoption of this technology. Names such as Home Depot, Target, and Anthem will not be easily forgotten.
There are two key areas which emerge when considering the biggest barriers to effective execution of a data encryption strategy. First and foremost, for 56% of respondents, the primary challenge is discovering where sensitive data resides in the organization. A further 34% highlight the difficulties associated with classifying which data to encrypt. This is a crucial piece of the puzzle – different data types require different levels of protection. Keeping secrets is expensive and businesses should avoid trying to boil the ocean by affording the same level of protection to the ‘crown jewels’ as they do the details around the company picnic.
The second is key management. Although this is not a new problem – and has been successfully addressed in heavily regulated industries such as payment processing – industries whose adoption of encryption is less mature are feeling the pinch. On a 10-point scale, 56% of survey respondents rate the overall ‘pain’ associated with managing keys or certificates within their organization as a seven or above, and 33% rate the pain as 9 or 10.
We can track this pain back to three major sources – no clear ownership (58%), isolated and fragmented systems (50%), and a lack of skilled personnel (47%). These issues are all interlinked and are reflective of the tactical approach to encryption that we see in many enterprises. 67% of respondents admitted that encryption is driven by individual requirements, rather than with a strategic goal in mind (just 33% respondents). Looking deeper into the data, we see an overwhelming and frankly worrying reliance on manual processes, whether spreadsheets or paper-based, to manage keys.
It is clear from this research that encryption and key management are issues that affect ALL types of companies – as evidence, employee and HR data is reported as most likely to be encrypted (61% respondents). This is clearly no longer an issue isolated to those in the financial services and Government realm – sensitive, and often regulated, data runs through businesses of all types. This is a universal issue with a universal challenge – understand your data, what is it worth, and how it should be protected. Encrypt what you care about, and take care that you are doing encryption properly – your lock is only as strong as your key.
Click here to download the full report