Customer personal information is the number one data protection priority in Mexico, but organizations face challenges managing their encryption
nCipher Security's 2020 Global Encryption Trends Study finds organizations racing to protect sensitive data as it proliferates across cloud, IoT devices and 5G networks
The increasing adoption of encryption is resulting in more key management challenges for Mexican organizations wanting to protect their data from accidental disclosure, government eavesdropping and hackers
MEXICO CITY – September 8, 2020 – As organizations accelerate digital initiatives such as cloud and the internet of things (IoT), and data volumes and types continue to rise, IT professionals across the world cite protection of customer personal information as their number one priority, according to the 2020 Global Encryption Trends Study from the Ponemon Institute in collaboration with nCipher Security, an Entrust Datacard company.
The 2020 Mexico Encryption Trends Study reveals 38% of responding organizations in Mexico currently have a consistently applied encryption strategy to protect their sensitive data. However, as encryption adoption increases, they find themselves facing important challenges including where sensitive data resides, managing encryption keys and training employees to use encryption appropriately.
Drivers, priorities and threats
When it comes to encryption, the top priority in Mexico is protecting customer information, with 60% of respondents ranking it as the top driver for deploying encryption – up from 46% in 2018 and above the current global average of 54%.
Traditionally compliance with regulations has been the top driver for deploying encryption across all countries in the study, but this has dropped in priority since 2017, indicating that encryption is transitioning from a requirement to a proactive choice to safeguard critical information.
"Laws and regulations such as the National Cybersecurity Strategy (ENCS), together with the pressure and responsibility organizations face in establishing and maintaining trust with their customers, have put the spotlight on data protection in Mexico," says José Rivera, LATAM Sales Director at nCipher Security. "It therefore comes as no surprise that the country ranks the importance of the protection of customer data above the global average and that more businesses are deploying encryption solutions as they transfer sensitive data to the cloud."
"The study also finds Mexico to be less challenged than other countries when it comes to deploying encryption technology. This is great news considering recent high profile breaches. It means IT leaders will increasingly factor encryption in to their plans to safeguard their customers' personal information – particularly as they experience a surge in technologies like blockchain and cryptocurrency. There are still significant challenges but Mexican organizations are on the right path to providing comprehensive data protection against external threats."
Although employee mistakes continue to be the biggest global threat that might result in the exposure of sensitive data (highlighted by 54% of respondents), only 38% of organizations in Mexico consider it to be a top risk – the lowest rate globally for the second consecutive year.
Mexican respondents highlighted attacks by third party service providers (26% vs. 19% globally) and advances by hackers (34% vs. 29% globally) as significant threats along with government eavesdropping (14%).
Data discovery and key management among top challenges for encryption
With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 56% of Mexican respondents citing this as their top concern. And that is likely to increase, with a pandemic-driven surge in employees working remotely, using data at home, creating extra copies on personal devices and cloud storage.
While 90% of Mexican organizations indicate encryption key management to be an important feature associated with encryption solutions, 62% find this challenging and experience a high rate of pain associated with managing keys or certificates. Notably, 58% of respondents still use manual processes such as spreadsheets to manage encryption keys (compared with the global average of 34%).
When rating the reasons that make key management painful, organizations in Mexico pointed to the lack of skilled personnel at the highest rate worldwide (78% vs. 45% globally) and an unclear understanding of requirements also higher than the global average (35% vs. 27% globally).
Blockchain, quantum and adoption of new encryption technologies
With encryption deployment steadily growing, there's been an 8% increase in encryption strategy adoption over the last two years, how are organizations in Mexico looking ahead? In the near term, 43% plan to use blockchain, with the use of cryptocurrency/wallets ranking higher in Mexico (71%) than globally (62%). Another top use case for blockchain is asset transactions/management cited by 51% of Mexican respondents.
Other much-hyped technologies are not on IT organizations’ near-term radar, based on global results. Most IT professionals see the mainstream adoption of multi-party computation at least five years away, with mainstream adoption of homomorphic encryption more than six years away, and quantum resistant algorithms over eight years out. Mexico is on par with these global time predictions.
Trust, integrity, control
The use of hardware security modules (HSMs) is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL). In Mexico the use of HSMs continues to grow, with 31% of organizations already deploying HSMs to provide a hardened, tamper-resistant environment with higher levels of trust, integrity and control for both data and applications. Despite ranking deployment 17% below the global average, 61% of respondents in Mexico say HSMs are currently considered important for their encryption and 66% state they will be important in 12 months.
Mexican organizations are also increasing their use of HSMs for payment credential provisioning and document signing, and are also more likely than their global counterparts to have an internal team providing cryptography as a service — 71% have a centralized team opposed to 59% globally, which makes Mexico the second highest region worldwide.
The most prevalent HSM use cases among organizations in Mexico are application level encryption (39% vs. 46% globally) and payment credential provisioning such as mobile or IoT (32% vs. 30% globally).
The race to the cloud
In Mexico 46% of organizations report transferring sensitive data to the cloud, while another 24% plan to do so within the next 12 to 24 months. The study found that the two most important cloud encryption features when considering cloud encryption options are:
- Support for the Key Management Interoperability Protocol (KMIP) standard for encryption key management (89% in Mexico vs. 67% globally)
- Support for FIPS 140-2 compliant key management (38% in Mexico vs. 33% globally).
Other key trends include:
- The fastest growing encryption use cases in Mexico include cloud gateway (35%, up from 31% last year), IoT devices (26%, up from 21%) and IoT platforms / data repositories (28%, up from 19%).
- Organizations in Mexico encrypt payment-related data at a higher rate than the global average (60% vs. 54% globally).
- Mexico is behind the global average when it comes to encrypting employee/HR data (32% vs. 52% globally) and intellectual property (34% vs. 49% globally). The data type least likely to be encrypted is healthcare information (20% vs. 25% globally).
Download the 2020 Mexico Global Encryption Trends Study.
2020 Global Encryption Trends Study methodology
The 2020 Global Encryption Trends Study, based on research by the Ponemon Institute, captures how organizations around the world are dealing with compliance, increased threats, and the implementation of encryption to protect their business critical information and applications. 6,457 IT professionals were surveyed across multiple industry sectors in 17 countries/regions: Australia, Brazil, France, Germany, India, Japan, Hong Kong, Mexico, the Middle East (which is a combination of respondents located in Saudi Arabia and the United Arab Emirates), the Russian Federation, Southeast Asia (Indonesia, Malaysia, Philippines, Thailand, and Vietnam), South Korea, Taiwan, the United Kingdom, the United States and two new regions for the first time, Netherlands and Sweden.