Cybercrime is on the rise. In our digital-first world, distributed workplaces and remote work routines are creating new security vulnerabilities for employers.
But how are enterprises responding to the increased threat landscape?
The Entrust annual Global Encryption Trends Study aims to answer this question and more by examining how and why enterprises deploy encryption. Conducted by the Ponemon Institute, the 2021 study features insights that help reveal the future of encryption use and the solutions organizations are leveraging to solve the difficulties of working across multiple cloud environments.
Customer data remains vulnerable
While IT professionals ranked protection of customer information as the most important reason for encryption, the study found customer information ranks fifth on the list of information that enterprises actually encrypt. Instead, several other data types ranked higher than customer information:
- Financial records (55%)
- Payment-related data (55%)
- Employee/HR data (48%)
- Intellectual property (48%)
Customer information comes in at 42%, which means enterprises are leaving customer data vulnerable even though they believe it’s the top reason to deploy encryption. Clearly, there is a disconnect between perceived threats and the realities of deploying encryption when it comes to prioritizing customer data. There are likely several reasons for this disconnect, but a key component that is revealed by the study is that encryption use tends to follow the most mature and easy-to-use applications like databases and backups/archives, as opposed to truly following specific data to all the different locations and platforms it moves to.
Additionally, the pandemic revealed weaknesses in some enterprises’ data protection strategies. Financial services, for example, became an even bigger target for fraud and other malicious activities like phishing — complaints to the Consumer Financial Protection Bureau escalated in 2020 due to an increase in digital sales. And according to the study, respondents in the financial services industry rated the threat of malicious insiders higher than any other industry.
To regain consumer trust, vulnerable industries need to align their intention to protect customer data with their actions. Brands that fail to protect their customers’ personal information inevitably place their reputations at risk.
The use of encryption grows, but difficulties managing it abound
The study also revealed more promising trends for enterprises. Encryption use continues to rise, with 50% of organizations reporting they have an overall encryption strategy applied consistently, while 37% report a limited encryption strategy.
Although the use of encryption is growing, it comes with challenges. In fact, managing encryption is a pain point for many enterprises today.
On average, organizations use eight different products to perform encryption. When assessing encryption solutions, enterprises look for performance, management of keys, policy enforcement and support for both cloud and on-premise deployment. And 45% of organizations rated unified key management across multiple clouds and the enterprise as very important or important. This makes sense because the data also showed that encryption keys for cloud services, including Bring-Your-Own-Key (BYOK), are the most painful key type to manage.
The study also found that knowing where organizational data lives across on-premise, virtual, cloud and hybrid environments is a continuing issue for enterprises. In fact, 65% of organizations report that discovering where sensitive data resides is the top challenge when building out and deploying an encryption strategy.
The pandemic has put even more pressure on organizations to apply increased attention to their encryption solutions in order to protect against both internal and external threats. Whether it’s painful or not, enterprises will only benefit from prioritizing their encryption and key management solutions — especially if it means helping their customers feel more secure, and decreasing risk to their business.
Overall, it’s encouraging that customer data protection is such a high priority for organizations, but there is clearly some work to be done in turning that priority into a reality in terms of what data is actually encrypted and at what points in the data lifecycle. It’s also apparent that organizations of all shapes and sizes are looking to adopt encryption for a range of new and cutting-edge use cases, which will no doubt continue to drive innovation in the industry.
Read the full 2021 Global Trends Study to learn more and look out for my next blog for more insight into the report and the future of encryption and HSMs.