Encryption Established As Strategic Issue And Leading Indicator Of Security Posture
Thales, leader in information systems and communications security, today releases the 2011 UK Encryption Trends Study. This is the only annual report that focuses on the use of encryption in the UK and part of a seven year global study conducted by independent research firm the Ponemon Institute and commissioned by Thales. The report reveals warning signs that the UK lags behind many of its closest competitors such as Japan, the US and Germany in both awareness of data security risks and deployment of encryption solutions to counter those risks.
On a positive note, the report shows that the overall security posture of UK organisations taking part in the survey has steadily increased over the six years that the Ponemon Institute has conducted this research in the UK. This is underscored by a 15% compound annual growth rate in the use of encryption by participating UK companies, a factor that correlates very strongly with general awareness of data security threats and an a clear understanding of how best to respond to those risks. Overall, 79% of UK respondents said that data protection techniques such as encryption are an important component of their risk management efforts and on average expected to increase encryption budgets by 20% in 2012 compared to 2011.
Since the research began tracking encryption trends in 2006, more respondents in UK organisations report that they already have or are now adopting an overall encryption strategy that is applied consistently across the enterprise. Compliance with privacy and data security regulation is the most commonly cited driver for deploying encryption among those organisations that have an overall encryption strategy in place. Regarding how encryption technology is currently used within the enterprise, respondents ranked back-up files, databases and external communications networks as the top three examples of where encryption was used extensively in their organisations.
When asked about their understanding of encryption technologies and deployment priorities in the UK, respondents demonstrated a high level of awareness and sophistication, for example:
- 80% recognized the need to maintain the secrecy of encryption keys
- 70% rated the protection of encryption keys in dedicated hardware devices (such as hardware security modules) as important or very important
- 69% recognized the importance of independent security certification for encryption technologies
- 69% highlight that automated key management for encryption keys is either important or very important and 71% believe that investment in key management systems reduces IT operating costs.
Richard Moulds, vice president strategy, Thales says: “Although there are some warning signs that the UK may be currently lagging behind other nations in the general area of data security it is important to remember that this technology area is very dynamic. Data protection technologies such as encryption have been an important part of the security landscape for many years but are now rapidly becoming established as critical elements of mainstream security strategies. Thales is proud to sponsor this important research programme.and to help increase the awareness of important deployment choices and best practices within the UK IT security community. We look forward to working closely with our customers to ensure they derive the maximum protection for their most valuable data while minimising the impact on their business and easing their path to regulatory compliance.”
651 business and IT managers at UK organisations were surveyed for the report. The first encryption trends study was conducted in the US in 2005. Since then the scope of the research has been expanded to include countries in various regions of the globe.
Download 2011 Encryption Trends Study United Kingdom and the 2011 Global Encryption Trends Study
Visit the Thales Key Management Insights blog for overviews of key management issues, industry news and comment.
About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.