nCipher Security announced on Thursday that as organizations embrace the cloud and new digital initiatives such as the internet of things (IoT), blockchain and digital payments the use of trusted cryptography to protect their applications and sensitive information is at an all-time high, according to the 2019 Global Encryption Trends Study from the Ponemon Institute.
With corporate data breaches making the headlines on an almost daily basis, the deployment of an overall encryption strategy by organizations around the world has steadily increased. This year, 45 percent of respondents say their organization has an overall encryption plan applied consistently across the entire enterprise with a further 42 percent having a limited encryption plan or strategy that is applied to certain applications and data types.
Employee mistakes continue to be the most significant threat to sensitive data (54 percent), more than external hackers (30 percent) and malicious insiders (21 percent) combined. In contrast, the least significant threats to the exposure of sensitive or confidential data include government eavesdropping (12 percent) and lawful data requests (11 percent).
The main driver for encryption is protection of an enterprise’s intellectual property and the personal information of customers – both 54 percent of respondents.
With more data to encrypt and close to 2/3 of respondents deploying 6 or more separate products to encrypt it, policy enforcement (73 percent) was selected as the most important feature for encryption solutions. In previous years, performance consistently ranked as the most important feature.
Cloud data protection requirements continue to drive encryption use, with encryption across both public and private cloud use cases growing over 2018 levels, and organizations prioritizing solutions that operate across both enterprise and cloud environments (68 percent).
With the explosion and proliferation of data that comes from digital initiatives, cloud use, mobility and IoT devices, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy with 69 percent of respondents citing this as their number one challenge.
The use of hardware security modules (HSMs) grew at a record year-over-year level from 41 percent in 2018 to 47 percent, indicating a requirement for a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications. HSM usage is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL).
The demand for trusted encryption for new digital initiatives has driven significant HSM growth over 2018 for code signing (up 13 percent), big data encryption (up 12 percent), IoT root of trust (up 10 percent) and document signing (up 8 percent). Additionally, 53 percent of respondents report using on-premises HSMs to secure access to public cloud applications.
The study showed that the highest prevalence of an enterprise encryption strategy is reported in Germany (67 percent) followed by the United States (65 percent), Australia (5 percent), and the United Kingdom (50 percent). Payment-related data (55 percent of respondents) and financial records (54 percent of respondents) are most likely to be encrypted. Financial records had the largest increase on this list over last year, up 4 percent.
The data also revealed the least likely data type to be encrypted is health-related information (24 percent of respondents), which is a surprising result given the sensitivity of health information and the recent high-profile healthcare data breaches; 61 percent of respondents classify key management as having a high level of associated “pain” (a rating of 7+ on a scale of 10). This figure is almost identical to the 63 percent of organizations that use six or more separate encryption products, suggesting there is clear correlation between the two findings. It also showed support for both cloud and on-premises deployment of encryption has risen in importance as organizations have increasingly embraced cloud computing and look for consistency across computing styles.
“The use of encryption is at an all-time high, driven by the need to address compliance requirements such as the EU General Data Protection Regulation (GDPR), California Data Breach Notification Law and Australia Privacy Amendment Act 2017, and the need to protect sensitive information from both internal and external threats as well as accidental disclosure,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Encryption usage is a clear indicator of a strong security posture with organizations that deploy encryption being more aware of threats to sensitive and confidential information and making a greater investment in IT security.”
“Organizations are under relentless pressure to protect their business critical information and applications and meet regulatory compliance, but the proliferation of data, concerns around data discovery and policy enforcement, together with lack of cybersecurity skills makes this a challenging environment,” said John Grimm, senior director of strategy and business development at nCipher. “nCipher empowers customers by providing a high assurance security foundation that ensures the integrity and trustworthiness of their data, applications and intellectual property.”