Use of Company-wide Encryption Strategy Accelerating to Meet Multi-cloud Security Challenges, Reveals Entrust 2022 Global Encryption Trends Study
Entrust-sponsored and conducted by the Ponemon Institute, research highlights gaps impacting organizations’ ability to meet rising threats
MINNEAPOLIS (June 1, 2022) – Organizations reporting having a consistent, enterprise-wide encryption strategy leapt from 50 percent to 62 percent, as they seek greater control of the data they have distributed across multiple cloud environments. This and other findings are highlighted in the Entrust 2022 Global Encryption Trends Study, the seventeenth annual multinational survey of security and IT professionals conducted by the Ponemon Institute.
The study reports on the cybersecurity challenges organizations face today, and how and why organizations protect their data. Key findings include:
Companies are taking data protection more seriously, but there’s still a way to go
While the Ponemon research has shown a steady increase in enterprise-wide encryption adoption over the years, this year’s study revealed a dramatic jump from 50% to 62% in those respondents saying that their organizations have an encryption policy that is consistently applied. Similarly, 61% of respondents rated the level of their senior leaders’ support for enterprise-wide encryption strategy as significant or very significant.
This year’s report also revealed significant decreases since 2021 in the top two biggest challenges in planning and executing a data encryption strategy, namely finding the data (55% down from 65%) and classifying it (27% down from 34%).
"The large jump in respondents reporting consistently applied encryption policies across their organizations, together with high support from senior leadership points to a real enterprise awakening to the need for proactive data security,” said John Metzger, vice president of product marketing for digital security solutions at Entrust. “While this year’s study also reveals that there are still gaps in the implementation of encryption for several categories of data - it’s nonetheless a big step forward."
While the results indicate that companies have gone from assessing the problem to acting on it, they also reveal encryption implementation gaps across many sensitive data categories. For example, just 34% of respondents say that encryption is extensively deployed across containers, 31% for big data repositories and 34% across IoT platforms. Similarly, while 63% of global respondents rate hardware security modules (HSMs) as an important part of an encryption and key management strategy, half said they were still lacking HSMs. These results highlight the accelerating digital transformation underpinned by the movement to the cloud, as well as the increased focus on data protection.
Organizations seek greater control of their cloud data
This year’s study also reveals how the flow of sensitive data into multiple cloud environments is forcing enterprises to increase their security in this space. Notably, this includes containerized applications, where the use of HSMs reached an all-time high of 40%.
More than half of respondents (55%) admit their organizations transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenization or data masking. However, another 27% said they expect to do so in the next one to two years.
"The rising adoption of multi-cloud environments, containers and serverless deployments, as well as IoT platforms, is creating a new kind of IT security headache for many organizations,” added Metzger. “This is compounded by the growth in ransomware and other cybersecurity attacks. This year’s Global Encryption Trends study shows that organizations are responding by looking to maintain control over encrypted data rather than leaving it to platform providers to secure."
When it comes to protecting some or all of their data at rest in the cloud, 44% (up from 36% in 2021) of those surveyed said encryption is performed in the cloud using keys generated and managed by the cloud provider. Another 38% of respondents reported encryption being performed on-premises prior to sending data to the cloud using keys their organization generates and manages, while 21% are using some form of Bring Your Own Key (BYOK) approach. Both of these models remained at the same level as last year’s results.
Together, these findings indicate the benefits of cloud computing outweigh the risks associated with transferring sensitive or confidential data to the cloud, but also that encryption and data protection in the cloud is being handled more directly.
Employees continue to represent a significant threat to sensitive data
When it comes to the sources to threats, respondents identified employee mistakes as the top threat that might result in the exposure of sensitive data - although this is down slightly from last year (47% in 2022 vs 53% in 2021), while the threat from temporary or contract workers reached its highest level ever (28% in 2022 vs 25% in 2021). The other highest ranked threats identified were system or process malfunction (32%) and hackers (29%).
These results make it clear that threats are coming from all directions so it’s distressing, but not surprising that nearly three quarters (72%) of respondents admitted having suffered at least one data breach, and just about half (49%) having suffered one in the last 12 months.
"Over 17 years of doing this study, we’ve seen some fundamental shifts occur across the industry. The findings in the Entrust 2022 Global Encryption Trends study point to organizations being more proactive about cybersecurity rather than just reactive," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute. "While the sentiment is a very positive one, the findings also point to increasingly complex and dynamic IT landscape with rising risks that require a hands-on approach to data security and a pressing need to turn cybersecurity strategies into actions sooner rather than later."
"As more enterprises migrate applications across multi-cloud deployments there is a need to monitor that activity to ensure enforcement of security policies and compliance with regulatory requirements. Similarly, encryption is essential for protecting company and customer data and it is encouraging to see such a significant jump in enterprise-wide adoption," said Cindy Provin, Senior Vice President for Identity and Data Protection at Entrust. "However, managing encryption and protecting the associated keys are rising pain points as organizations engage multiple cloud services for critical functions. As the workforce becomes more transitory, organizations need a comprehensive approach to security built around identity, zero trust, and strong encryption rather than old models that rely on perimeter security and passwords."
Report: 2022 Global Encryption Trends Study
Blog: How does your multi-cloud security strategy measure up?
2022 Global Encryption Trends Study methodology
The 2022 Global Encryption Trends Study, based on research by the Ponemon Institute, captures how the use of encryption has evolved over the past 17 years and the impact of this technology on the security posture. In the study, 6,264 IT professionals were surveyed across multiple industry sectors in 17 countries/regions: Australia, Brazil, France, Germany, Hong Kong, Japan, Mexico, Middle East (which is a combination of respondents located in Saudi Arabia and the United Arab Emirates), Netherlands, the Russian Federation, Spain, Southeast Asia, South Korea, Sweden, Taiwan, the United Kingdom, and the United States.
About Entrust Corporation
Entrust keeps the world moving safely by enabling trusted identities, payments and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organizations trust us. For more information, visit http://www.entrust.com.