Unlike the rest of the world, adoption of enterprise-wide encryption strategies has not grown in the Middle East, in fact it appears to have shrunk slightly. This is despite the fact that a majority of organizations have experienced a data breach.
These are two the most hard-hitting results from our annual Entrust Middle East Encryption Trends Study which examines how and why enterprises deploy encryption. Conducted by the Ponemon Institute, the 2021 study features insights that help reveal the future of encryption use and the solutions organizations are leveraging to solve the difficulties of working across multiple cloud environments.
According to this year’s study, just 29% of Middle East companies surveyed indicated that they have a consistently applied encryption plan/strategy. This compares with 31% last year and is well below this year’s global average, which finally reached 50%. At the same time, 59% of those organizations reported that they have experienced a data breach, the second highest rate worldwide and well ahead of the global average of 44%.
It’s not all doom and gloom. Security and IT professionals across the Middle East are adopting encryption at a higher rate for newer use cases like containers (44% vs. 32% globally) and IoT platforms (up a total of 19% over the past two years), as well as for email and private cloud infrastructures. They are also increasingly using hardware security modules (HSMs) in conjunction with cloud access security brokers (up 9% over the past 3 years) and to generate keys that they bring to cloud environments (47% vs. 38% globally). Similarly, for the fourth straight year, organizations in the Middle East showed a stronger preference than other regions to use only keys under their control when encrypting data at rest in the cloud (50% vs. the 46% globally). In fact, the region continues to have one of the highest HSM adoption rates, demonstrating a desire for greater control over critical applications and data.
So why do Middle Eastern organizations lag behind the rest of the world in having a consistent encryption strategy, especially when they’re leading the way in adopting encryption and HSMs for a range of specific use cases? Digging into the data, no single reason stands out – rather it would appear a number of different challenges that could all potentially play a role.
Looking at the research, just over half of respondents (51%) rated key management as very painful. The top reasons provided were: no clear ownership (67%), systems are isolated and fragmented (62%), key management tools are inadequate (47%), and no clear understanding of requirements (36% vs. 27% globally). Additionally, no single encryption technology dominates because organizations have very diverse needs. The encryption of internet communications (e.g. TLS/SSL) and databases are most likely to be extensively deployed at 54% and 53% respectively. In contrast, IoT devices and Internet of Things (IoT) platforms/data repositories are at more generally considered partially deployed (63% and 62% respectively).
It seems that this could ultimately be a case of not being able to see the forest for the trees. The combination of focusing on new use cases, combined with a lack of clear ownership and a diverse range of tools, priorities, and challenges, means that teams end up focusing of their respective ‘tree’ and lose sight of the need to manage the entire forest.
Implementing a cohesive and holistic enterprise-wide encryption strategy can more effectively protect and organization’s IT systems and data. This can help limit liability from breaches or inadvertent disclosure and ease the pressure to comply with data privacy regulations while focusing on protecting financial records and payments-related data from the risks of hackers and temporary or contract workers.