Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 43% of organizations have an encryption strategy applied consistently across the enterprise. — Thales eSecurity and Ponemon Institute, 2018
- 39% of organizations encrypt in public cloud services, an increase of 11% since last year. — Thales eSecurity and Ponemon Institute, 2018
Enterprises are increasingly looking to encryption to protect sensitive data, address compliance requirements, and guard against human error, according to a Thursday report from Thales eSecurity and the Ponemon Institute.
Of the 5,252 professionals surveyed worldwide, 43% said that their organization has an encryption strategy that is applied consistently across their enterprise.
In recent years, encryption has been at the center of a number of battles between law enforcement and technology companies, including the FBI and Apple. In January, the FBI said the agency couldn't access 7,775 devices in 2017 because the contents were encrypted, and argued that the security measure gets in the way of criminal investigations, as reported by our sister site ZDNet.
SEE: Encryption policy (Tech Pro Research)
Enterprise encryption adoption is being shaped by multi-cloud use and new regulations such as the EU General Data Protection Regulation (GDPR), the report noted. Some 84% of respondents said they either use the cloud for both sensitive and non-sensitive applications and data today, or that they plan to do so in the next 12-24 months. While 61% of respondents said they are using more than one public cloud provider, 71% plan to do so in the next two years, the report found.
Some 39% of organizations are encrypting in public cloud services, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud—an increase of 11% from last year, according to the report.
Hardware security module (HSM) use grew to 41% this year—the highest level recorded, the report noted. The most common uses for HSMs are SSL/TLS and application-level encryption, with 20% of respondents reporting that they use HSMs with blockchain applications.
The Internet of Things (IoT) is also driving encryption strategies: Nearly half (49%) of organizations said they are either partially or extensively deploying encryption of IoT data on IoT devices and platforms, the report found.
While encryption numbers have increased, it's not all smooth sailing: 67% of organizations reported data discovery rates as the top data encryption planning/execution challenge, following by initially deploying the encryption technology (44%), and classifying which data to encrypt (34%).
"While enterprises are rightfully encrypting cloud-based data, 42% of organizations indicate they will only use keys for cloud-based data-at-rest encryption that they control themselves. Similarly, organizations that use HSMs in conjunction with public cloud-based applications prefer to own and operate those HSMs on-premises," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a press release. "These findings tell us control over the cloud is highly important to companies increasingly under pressure from data security threats and compliance requirements."
- Special report: The cloud v. data center decision (free PDF) (TechRepublic)
- Cryptographic crumpling: The encryption 'middle ground' for government surveillance (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- High-end camera makers ignore pleas from professionals to add encryption feature (ZDNet)
- Encrypting communication: Why it's critical to do it well (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.