Multi-cloud models strengthen enterprise-wide encryption strategies

The number of companies implementing a consistent enterprise-wide encryption strategy has increased from 50 percent to 62 percent in the past year. A desire for greater control over data distributed across multiple cloud environments was cited as a driver for this.

These and other findings are the result of the current Entrust Global Encryption Trends Study, which is being published for the seventeenth time this year. The study, commissioned by Entrust and conducted by the Ponemon Institute, analyzes the various challenges and actions organizations are taking to combat cyber security threats. For this purpose, security and IT experts from different nations are surveyed once a year.

Key findings from the Entrust Global Crypto Trends 2022 study include:

Data protection is taken more seriously

Surveys have already shown a steady increase in crypto usage across the company in recent years. This year, however, there was a drastic jump: The percentage of IT professionals whose company consistently implements an encryption policy rose from 50 to 62 percent! Similarly, 61 percent of respondents welcomed their executives’ support for encryption.

Another positive finding of the report is the reduced difficulty in implementing encryption strategies, particularly in locating data (55 percent vs. 65 percent in 2021) and classifying it (27 percent vs. 34 percent).

The results clearly show that companies have not only recognized security problems, but have also addressed them. But they also reveal gaps in the implementation of encryption solutions in some sensitive categories. For example, only 34 percent of respondents said they are encrypting end-to-end data containers or IoP platforms, compared to only 31 percent for big data repositories. The situation is similar with hardware security modules (HSMs). While 63 percent of global respondents consider these to be an important part of an encryption and key management strategy, half say they do not yet have an HSM.

Businesses want more control over their data in the cloud

This year’s study also shows how the distribution of sensitive data across multiple cloud environments is forcing companies to increase security in this area. This is especially true for containerized applications, where HSM adoption has reached an all-time high of 40 percent.

More than half of respondents (55 percent) admit that their organization moves sensitive or confidential data to the cloud — either encrypted or unreadable through some other mechanism, such as tokenization or data masking. However, another 27 percent say they will in the next one to two years.

“The proliferation of multi-cloud environments, container and serverless deployments, and IoT platforms are creating new security concerns for many organizations,” said John Metzger, vice president of product marketing for digital security solutions at Entrust. “This is exacerbated by the rise of ransomware and other cyber security threats. Organizations are responding by trying to maintain control of encrypted data themselves, rather than relying solely on platform providers for their security.”

When it comes to protecting their data at rest in the cloud, 44 percent of IT professionals (up from 36 percent in 2021) say encryption happens in the cloud — with keys generated and managed by the cloud provider . Another 38 percent say their data is already encrypted before it’s sent to the cloud – with keys generated and managed by their own company. Another 21 percent use some form of Bring Your Own Key (BYOK).

Overall, these results show once again that the benefits of cloud computing outweigh the risks associated with moving sensitive data to the cloud. They also make it clear that encryption and data protection in the cloud are now preferably used directly by companies.

Employees represent the greatest source of risk to sensitive data

In terms of sources of risk, security officers cite employee error as the top threat that could lead to sensitive data being exposed – although the number is down slightly compared to last year (47 percent in 2022 vs. 53 percent in 2021), while the perceived risk from temporary or contract workers is at an all-time high (28 percent today vs. 25 percent in 2021). Additionally, system or process outages (32 percent) and hackers (29 percent) are named as particularly critical.

Threats to sensitive data come from all directions. Not surprisingly, nearly three-quarters (72 percent) of all respondents admit that their organization has experienced at least one data breach to date. Almost half (49 per cent) were affected by it in the last 12 months.

“In the 17 years we’ve been analyzing global trends in crypto, we’ve seen some fundamental changes in the industry. This year’s results from the Entrust 2022 Global Crypto Trends study show that in an increasingly complex and dynamic IT landscape, companies are increasingly proactive rather than merely reactive when it comes to cybersecurity,” says Dr. Larry Ponemon, President and Founder of the Ponemon Institute.

Further information:

Find the full study here: 2022 Global Encryption Trends Study

Methodology of the “2022 Global Encryption Trends” study:

The Global Encryption Trends 2022 study, based on research from the Ponemon Institute, documents how the global development of encryption has evolved over the past 17 years, while considering the impact on the overall security posture. The study involved 6,264 IT professionals from various industries in 17 countries/regions: Australia, Brazil, France, Germany, Hong Kong, Japan, Mexico, Middle East (a combination of respondents in Saudi Arabia and the United Arab Emirates), Netherlands, Russian Federation, Spain, Southeast Asia, South Korea, Sweden, Taiwan, United Kingdom and United States.

Leave a Comment