Thales and Ponemon Institute study shows the widespread deployment of encryption increasing and growing prominence of key management as a pain point
Thales, leader in critical information systems and cybersecurity, announces the publication of its latest 2015 Global Encryption and Key Management Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that the use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in managing key across what are the mostly fragmented and tactical deployments of encryption technologies.
More than 4,700 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan, Brazil, Russia and for the first time India and Mexico, examining global encryption trends and regional differences in encryption usage. The report is now in its tenth year since its launch in 2005.
News facts:
- Use of encryption continues to rise with 34% of respondents reporting that their organization uses encryption extensively
- Deployment of encryption is steadily shifting from a tactical to a strategic activity with 36% of organizations having an enterprise wide encryption strategy
- The top three reasons for deploying encryption are compliance with data protection mandates, to address specific security threats and to reduce the scope of compliance audits
- The use of encryption had a dramatic effect on the perceived requirement to notify those effected in the event of a data breach with nearly half of respondents believing that the use of encryption removed the need to disclose a breach
- The number one perceived threat to sensitive data is employee mistakes rather than external attack
- Despite cloud and big data getting all the hype, these are the least likely areas to use encryption – whereas backend storage, archives and databases are the most likely
- The biggest challenge faced by organizations executing a data encryption policy was in discovering where within their networks their sensitive data actually resides
- Key management is identified as a major pain point by more than half of respondents
- The primary reasons why key management is so painful are lack of corporate ownership, fragmented systems and inadequate tools
- More than half of respondents view hardware security modules (HSMs) as an important part of a key management strategy
Dr Larry Ponemon, chairman and founder of The Ponemon Institute, says:
“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption. In this study we drilled down into the issue of key management and found it continues to be a huge operational challenge. What is clear is that many organizations lack formal ownership and accountability when it comes to key management which is very concerning when you consider the value of the data being protected and operational implications of losing or mismanaging keys.”
Richard Moulds, vice president strategy at Thales says:
“Whilst key management is now being recognized as a widespread organizational challenge, it is not a new issue. The challenges associated with key management have been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions, Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness.”
Download your copy of the new 2015 Global Encryption and Key Management Trends Study
Check out our Global Encryption Trends InfoGraphic
About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.