Thales Global Encryption study finds that multi-cloud use and compliance requirements shape encryption strategy

Thales announced on Thursday results of its 2018 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reflects some of the changes and challenges organizations are experiencing in a world marked by widespread cloud deployments, use of multiple public cloud providers and new regulations such as the EU General Data Protection Regulation (GDPR).

The study revealed that 84 percent of respondents either use the cloud for sensitive/non-sensitive applications and data today, or will do so in the next 12-24 months; 61 percent of respondents are using more than one public cloud provider, and 71 percent plan to in the next two years; and 39 percent encrypt in public cloud services (such as Amazon Web Services, Microsoft Azure and Google Cloud), a number that has risen 11 percent since last year’s report.

It also reported that the overall HSM use grew to 41 percent — the most common use cases for HSMs are SSL/TLS and application level encryption, with 20 percent of respondents reporting that they use HSMs with blockchain applications; and 49 percent of enterprises are either partially or extensively deploying encryption of IoT data on IoT devices and platforms.

This year, 43 percent of respondents report that their organization has an encryption strategy applied consistently across their enterprise. This strategy is leveraged to protect sensitive data against cyber criminals, help organizations address complex compliance requirements, and guard against human error.

Encryption, which is achieved with software or hardware tools such as hardware security modules (HSMs), is often coupled with best practice-based key management. Encryption is also playing an increasingly large role in protecting the enormous adoption of organizations deploying to the cloud.

This year’s statistics are encouraging, but the report does show areas of challenge. Data discovery rates as the top data encryption planning/execution challenge by 67 percent of respondents, a number that is 8 percent higher than 2017.

Respondents from the UK, Germany, the US and France have the most challenges, which likely points to activities associated with preparation and compliance of data privacy regulations such as GDPR which comes into effect in May this year.

When considering the majority of organizations polled are using more than one public cloud provider, the report also raises questions about how organizations are enforcing consistent encryption and key management policies across multiple cloud vendors.

Securing data in a multi-cloud environment can be especially problematic for organizations seeking compliance, particularly if they are attempting to instantiate a single organizational policy using different native tools from multiple cloud providers. Not surprisingly, policy enforcement is second only to performance as a most valued feature of encryption solutions in this year’s study.

“Companies navigating today’s threat landscape are understandably seeking out fast, scalable encryption tools that encompass enterprise and cloud use cases, and enforce policy consistently across both models,” said John Grimm, senior director of security strategy at Thales eSecurity. “Fortunately, enterprises have more data protection choices today than when the race to the cloud began. These options include bring your own key (BYOK) and bring your own encryption (BYOE) solutions, which allow enterprises to apply the same encryption and key management solution across multiple platforms.”

“While enterprises are rightfully encrypting cloud-based data, 42% of organizations indicate they will only use keys for cloud-based data-at-rest encryption that they control themselves,” said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute. “Similarly, organizations that use HSMs in conjunction with public cloud-based applications prefer to own and operate those HSMs on-premises. These findings tell us control over the cloud is highly important to companies increasingly under pressure from data security threats and compliance requirements.”

The Global Encryption Trends Study is now in its thirteenth year. The Ponemon Institute surveyed more than 5,000 people across multiple industry sectors in the United States, United Kingdom, Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, Saudi Arabia, the United Arab Emirates, and Korea.


IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.