As more and more organizations migrate to cloud and create multi-cloud environments, they’re feeling the pain of increased complexity and loss of control: Sensitive and valuable data is zinging around the enterprise and to and from public and private clouds, making it hard to know where that data is located — and even harder to protect it.
This year’s Entrust 2022 Global Encryption Trends Study focused in on this multi-cloud security challenge. The 17th-annual report, conducted by the Ponemon Institute, looks at how more than 6,000 companies across multiple sectors and 17 countries/regions are prioritizing their digital security investments to regain control of the data in their dynamic cloud environments.
So, what are the big takeaways?
Data is more vulnerable than ever
Data security threats continue to increase, setting the stage for the urgency around everything else covered by the report. We all see it in the headlines, and most organizations feel it directly: 72% of organizations surveyed have suffered a data breach, with half reporting a breach within the last 12 months.
The threats are coming from all directions. Employee mistakes are still the biggest source of sensitive data breaches, accounting for nearly half (47%). But combining malicious insiders (20%) and external hackers (29%), we see that intentional actors account for around half of top-ranked threats.
A major jump in encryption adoption
Effective encryption protects against both intentional and unintentional breaches, so it’s encouraging to see this: The Ponemon Institute reported the sharpest increase in encryption strategy adoption in the nearly two decades of this study. While encryption adoption has been slowly climbing by 2-3% annually, adoption jumped up 12% over the past year.
Essential industries amping up encryption
Not surprisingly, organizations in tech, software, education, and research have traditionally been leaders in encryption usage. But this year’s most significant increases in extensive encryption usage occurred in manufacturing, energy & utilities, and the public sector.
This reflects growing awareness of vulnerabilities and incidences of high-profile breaches in these sectors, particularly as geopolitical conflicts heighten the risk of state-sponsored/condoned cyberattacks on core industries. Moreover, global events over the past few years have demonstrated just how fragile supply chains, power grids and other critical infrastructure can be — and the impact of any disruption in these areas on global economies.
HSMs becoming vital and versatile tools to gain control
As they prioritize and invest in future-ready encryption strategies, hardware security modules (HSMs) are becoming an essential and versatile component of organizations’ security posture. Half of respondents said they’re using an HSM as a foundational part of their multi-cloud security strategies.
There’s also a big shift in how they’re leveraging HSMs to support cloud cases: To accommodate the decentralized complexity of today’s digital enterprise landscape, 55% of organizations say they’ve moved to a private cloud model where a centralized team provides cryptography as a service across the entire organization — instead of the traditionally siloed, application-specific model. Over the next year, 1 in 4 say they’re planning to use HSMs with cloud access security brokers — and one-third say they’re planning to deploy an owned and operated HSM for the purpose of generating and managing BYOK keys to send to the cloud.
Enterprises accelerating move to the cloud, regardless of security concerns
Despite the spike in adoption of encryption strategies, respondents reported several barriers and challenges around encryption. Nearly two-thirds said key management is a painful challenge — made more difficult by the ongoing tech talent shortage in IT and security roles. More than half said the biggest challenge is simply identifying where data lives and moves in order to encrypt it.
Nevertheless, it’s clear that the benefits of cloud computing continue to outweigh the data security risks — and the pains and challenges of mitigating those risks. More than half of respondents said their organizations transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenization or data masking. Another 27% said they plan to begin doing so in the next year or two — again, regardless of whether they deploy comprehensive encryption first.
Bottom line: The data is in the cloud and threats keep accelerating. The best path forward ensures that organizations are in the know and in control of their cryptographic infrastructure.
Download the 2022 Global Encryption Trends Study: https://www.entrust.com/c/global-encryption-trends-study