Data breaches. Cybercrime. Phishing. Pharming. Botnet. Dark Web. Ransomware. Fullz.
It wasn’t that long ago that these words didn’t even exist. But things have evolved. Fast. We now live in a digital information age where organizations need to employ encryption technology to protect their data – and their reputations – from cybercriminal activity.
What’s more, now the COVID-19 pandemic has forced more people to work from home where they’re accessing private networks remotely, emailing confidential documents, and, well … doing just about everything online. It’s a situation that cybercriminals are surely looking to take advantage of.
So, the need for encryption technologies for cyber security is certainly evolving. Are organizations around the world keeping up?
That’s part of what the Ponemon Institute attempts to find out with its annual Global Encryption Trends Study. The 2020 study results are based on a survey of 6,457 individuals in 17 countries/regions.
So what did they uncover?
Encryption use continues to grow
Over the past 15 years, the number of companies that consistently apply an encryption strategy across the entire enterprise has steadily increased, and is now at 48%. Conversely, the number of companies using no encryption strategy at all has decreased to an all-time low of 13%.
The remaining 39% (not shown in Figure 1) are the organizations that have a limited encryption plan or strategy that is applied to certain applications and data types. So, together, this means that 87% of companies surveyed have at least some form of encryption strategy. That’s a good sign.
Companies are using encryption for the right reasons
For the first 12 years of this study, the main reason companies gave for using encryption technology solutions was compliance. They were doing it because they had to, not necessarily because they thought they needed to. But that’s changing. The last three years, compliance has fallen from the top spot, revealing that companies are beginning to understand the importance of data security.
And according to the 2020 study, the new #1 driver for using encryption technologies is protecting customer personal information. Companies understand – or have learned the hard way – the true costs associated with a data breach. Coming in a close second and third were protecting enterprise intellectual property and protecting information against specific, identified threats.
Encryption management is not easy
We’ve all heard people use the phrase “it’s not rocket science,” when referring to a simple task, implying, of course, that rocket science is as complex as it gets. Is encryption management the new rocket science? Because let’s be honest … it’s no walk in the park.
When asked to rate on a scale of 1 to 10 the overall “pain” associated with managing keys within their organization, the most common answer was “9 or 10.” (It’s probably no surprise that “1 or 2” was the least cited answer.)
So what makes key management so painful? According to respondents, the two biggest factors are:
- No clear ownership
- Lack of skilled personnel
That doesn’t align with known best practices, yet it’s a trend we see time and again from organizations, in relation to not only key management, but also the management of their digital certificates.
As for the types of keys that are most difficult to manage, the top answers were:
- Keys for external cloud or hosted services, including Bring Your Own Key (BYOK) keys
- SSH keys
- Signing keys
And when it comes to encryption failure, as Figure 4 shows, it’s not hackers or malicious insiders that are the biggest threat to sensitive data. It’s employee mistakes – further supporting the idea that encryption management is not easy.
There are no major tide shifts on the near-term horizon
No “trends” report is complete without a look to the future. The study asked people to look into their crystal ball and predict what’s next. How far away are we from multi-party computation? Homomorphic encryption? Quantum algorithms? Respondents seem to think multi-party computation is the first encryption solution that will achieve mainstream adoption.
Other future trends indicate a continued increase in the use of hardware security modules (HSMs), blockchain, public cloud services, and more.
Read the full 2020 Ponemon Global Trends Study to learn more.