IT and security professionals in Mexico are facing a perfect storm when it comes to protecting their data. While they are focused on protecting customer data, complying with data protection regulations and limiting their liability from breaches or accidental disclosure, they are faced with increased threats from hackers and concerns over third-party service providers, as well as a lack of visibility into what data to protect, and a lack of skilled practitioners to help them plug these gaps. These are some of the key findings from our recent 2021 Mexico Encryption Trends Study.
The evolving threat landscape
According to our research, half of all organizations in the country have experienced a data breach. So, it comes no surprise to me that when asked to name the biggest threat that might result in the exposure of sensitive data, the top answer from respondents in Mexico was hackers. In this context, it may seem odd then that the adoption of enterprise encryption strategies and hardware security modules (HSMs) lags behind global averages. Just a third (34%) of the organizations we surveyed in Mexico have a consistently applied encryption strategy – well below the global average which reached the halfway mark this year – and only three-in-ten (31%) use HSMs (vs. 49% globally).
The security implementation challenge
So, if there’s clearly a recognized, real and present threat to the IT security of organizations in Mexico, why the apparent hesitancy to adopt measures that can help mitigate these risks? As is so often the case, the answer seems to be a combination of factors. Firstly, there is an apparent skill shortage, with just over three-quarters (76%) of organizations in Mexico ranking the lack of skilled personnel as a top reason that makes encryption key management painful, the highest rate worldwide for the third straight year.
On top of this, the study shows that discovering where sensitive data resides is the biggest challenge when planning and executing an encryption strategy in Mexico, and that the fastest-growing challenge for our respondents is classifying which data to encrypt. Add to this a lack of clear ownership of key management for just over half (51%), and no clear understanding of requirements cited as an additional challenge for more than a third (35%) and you have a picture of a large group of organizations across the country who can see the problems, but don’t know the best way to move forward.
Creating a virtuous circle
There is hope though, with the proper tools and support to help implement them effectively, organizations in Mexico can create a virtuous circle that helps overcome these challenges and set them on the path to a comprehensive encryption strategy.
It starts with the selection of a trusted partner. In the absence of skilled internal staff, organizations need to find a partner who can not only provide the products and services needed to encrypt data across the organization and manage the resulting encryption keys, but also help define clear owners and provide the insight and training to find the data and the best methods for encrypting that information. And this is where the virtuous circle starts – as these organizations deploy encryption technologies to protect payment data, financial records and customer information, they have an easier time discovering where sensitive data resides.
As they increase their use of encryption for new scenarios such as IoT and data center storage, they often seek solutions that offer tamper resistance with an HSM, key management and scalability. This process can evolve and expand into new areas as organizations move more workloads to the cloud and adopt and integrate newer technologies such as containerization and blockchain. Overall, the more resilient these IT teams become and the more consistent the encryption strategy they implement, so the threat of data loss, from hackers or even unintentional loss is diminished. This then allows the team more breathing room to focus on enhancing the strategy further, and so the cycle continues.