To start 2017, the Chicago Tribune made a prediction. The paper said that this is the year we collectively embrace cybersecurity and encrypting our digital lives.
I think in our personal use, most of us still see encryption as cumbersome, something we know we should do but would prefer our applications and software were designed to encrypt everything for us. But what about in enterprise? How are organizations dealing with encryption and protecting data?
Thales e-Security released its 2017 Global Encryption Trends Study last week, addressing that very issue. Its primary finding is that less than half of companies, 41 percent, reported having an encryption strategy applied consistently across the enterprise. This, however, is an increase from last year’s findings, and encryption is continuing to trend upwards. So, organizations are slowly making strides when it comes to encryption, but as a cybersecurity tool, it is lagging in its adoption.
But here’s an interesting finding. Whereas traditionally it is IT departments who push for cybersecurity tools, this report found that business leaders are the catalyst behind encryption adoption, the first time this has happened in the 12 years of the study. Cloud migration may have something to do with this switch. According to the study, protecting the data at rest in the cloud is a high priority, with 67 percent either performing encryption on premises prior to sending data to the cloud or encrypting in the cloud using keys they generate and manage on premises. As John Grimm, senior director of security strategy at Thales e-Security, explained in a formal statement:
This year’s findings align with key trends demonstrating an increased reliance on the cloud, ever-evolving internal and external threats, and new data sources mandating stronger protection. The survey further reinforces that cloud key management offerings are more important than ever – and business-leader involvement is crucial to a sound security strategy.
Another reason why business leaders have pushed for encryption strategies: compliance, the study reported:
Fifty-five percent of respondents see compliance with privacy and data security requirements as the main driver to extensive encryption use within their company. Not far behind, 51 percent of respondents see protecting enterprise intellectual property as the main driver.
Turning to encryption as a security tool makes sense. As Mike McCamon wrote in Security Today, encryption is an affordable way to provide a security layer, as well as a way to beat the “security fatigue” most companies face now. Employees are looking for ways to bypass security protocols, eSecurity Planet reported. Encryption is a way to protect sensitive data from these security mistakes.
Encryption is taking on a higher priority among organizations, and as Larry Ponemon, chairman and founder of The Ponemon Institute, said in a statement regarding the Thales report:
The stakes are too high for organizations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy. Encryption and key management continue to play critical roles in these strategies.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba