“Multi-cloud use and compliance requirements shape encryption strategies” finds Thales’ Global Encryption Study

Critical information systems, cyber security and data security specialist Thales has announced the results of the company’s extensive 2018 Global Encryption Trends Study. The report, which is based on independent research conducted by The Ponemon Institute and sponsored by Thales, reflects some of the changes and challenges organisations are experiencing in a world marked by widespread cloud deployments, the use of multiple public cloud providers and new regulations such as the European Union’s upcoming General Data Protection Regulation (GDPR).

This year, 43% of respondents report that their organisation has an encryption strategy applied consistently across their enterprise. This strategy is leveraged to protect sensitive data against cyber criminals, help organisations address complex compliance requirements and guard against human error.

Encryption, which is achieved with software or hardware tools such as hardware security modules (HSMs), is often coupled with Best Practice-based key management. Encryption is also playing an increasingly large role in protecting the enormous adoption of organisations deploying to the cloud.

Among the study’s key findings are the following:

*84% of respondents either use the cloud for sensitive/non-sensitive applications and data today or will do so at some point in the next 12-24 months

*61% of respondents are using more than one public cloud provider, while 71% plan to do so in the next two years

*39% encrypt in public cloud services (such as Amazon Web Services, Microsoft Azure and Google Cloud), a number that has risen by 11% since last year’s report

*Overall HSM use grew to 41% (the highest level ever). The most common use cases for HSMs are SSL/TLS and application-level encryption, with 20% of respondents reporting that they use HSMs with blockchain applications

*49% of enterprises are either partially or extensively deploying encryption of Internet of Things (IoT) data on IoT devices and platforms

Areas of challenge

This year’s statistics are encouraging, but the report does show areas of challenge. Data discovery rates as the top data encryption planning/execution challenge for 67% of respondents, a number that is 8% higher than in 2017.

Respondents from the UK, Germany, the US and France have the most challenges in front of them, which likely points to activities associated with preparation and compliance of data privacy regulations such as the GDPR which comes into effect in May of this year.

When considering the majority of organisations polled are using more than one public cloud provider, the report also raises questions about how organisations are enforcing consistent encryption and key management policies across multiple cloud vendors. Securing data in a multi-cloud environment can be especially problematic for organisations seeking compliance, and particularly so if they’re attempting to initiate a single organisational policy using different native tools from multiple cloud providers. Not surprisingly, policy enforcement is second only to performance as the most valued feature of encryption solutions in this year’s study.

Dr Larry Ponemon, chairman and founder of The Ponemon Institute, stated: “While enterprises are rightfully encrypting cloud-based data, 42% of organisations indicate they will only use keys for cloud-based Data-at-Rest encryption that they control themselves. Similarly, organisations using HSMs in conjunction with public cloud-based applications prefer to own and operate those HSMs on-premise. Control over the cloud is highly important to companies increasingly under pressure from data security threats and compliance requirements.”

John Grimm, senior director of security strategy at Thales eSecurity, added: “Companies navigating today’s threat landscape are understandably seeking out fast and scalable encryption tools that encompass enterprise and cloud use cases, while also enforcing policy consistently across both models. Fortunately, enterprises have more data protection choices today than when the ‘race to the cloud’ began. These options include Bring Your Own Key and Bring Your Own Encryption solutions, which allow enterprises to apply the same encryption and key management solution across multiple platforms.”

Background to the survey

The Global Encryption Trends Study is now in its thirteenth year. For the 2018 report, The Ponemon Institute surveyed more than 5,000 professionals across multiple industry sectors in the UK, the US, Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, Saudi Arabia, the United Arab Emirates and Korea.

Copies of the 2018 Global Encryption Trends Study can be downloaded here.

Industry insight and views on the latest data security trends may be accessed on the Thales eSecurity blog at blog.thalesesecurity.com

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015.

Related Posts