NewsApril 17, 2017 @ 11:55 AM

Businesses Take a Strategic Turn Toward Encryption

Today, more organizations are taking a strategic stance to encryption, and they are deploying a range of technologies and techniques to combat external threats.

Businesses have responded to the increased use of the cloud with a commensurate adoption of encryption, the Ponemon Institute and Thales outlined in the “2017 Global Encryption Trends Study.” As many as 41 percent of respondents believed their organization had a strategy that was applied consistently across the enterprise.

The research highlighted how the growing use of on-demand systems and services means line-of-businesses executives are taking a comprehensive approach to data security. Additionally, they are, in many cases, helping to dictate how information is used and protected.

Creating a Strategy for Encrypted Data

Businesses are aware of both the potential risk of cyberattacks and of the requirement to protect sensitive data, said Larry Ponemon, chairman and founder of the Ponemon Institute, in the report’s press release. He added that smart executives understand they must replace reactive approaches with a sophisticated data protection strategy. Business leaders have a higher influence over this aspect of a security strategy than IT operations for the first time in the study’s 12-year history.

Infosecurity Magazine noted compliance is the top driver for encryption, according to 55 percent of respondents. It was followed closely by protecting enterprise intellectual property (51 percent), customer information protection (49 percent) and protection from external threats (49 percent).

Understanding the Rise of the Cloud and Encryption

About two-thirds (67 percent) of respondents take one of two routes to securing data at rest in the cloud: They either encrypt data on-premises prior to transmitting it to the cloud, or they encrypt it on-demand using keys they generate and manage on their own site.

But 31 percent of firms are using or plan to use hardware security modules (HSMs) with bring-your-own-key deployments. As many as 38 percent of firms now use HSMs, which represents a new industry high. Almost half of those businesses own and operate HSMs on-site to support cloud-based apps.

More than two-thirds (37 percent) said their organizations turn over complete control of keys and encryption processes to cloud providers. Another 20 percent are using or plan to deploy cloud access security brokers (CASBs). Overall use of HSMs with CASBs is expected to double during the next year from 12 percent to 24 percent, Infosecurity Magazine reported.

Implementing a Stronger Security Strategy

Organizations are adopting encryption at a rapid and increasingly urgent pace. The move is largely because the technology helps enterprises support dynamic industry regulations while also protecting sensitive data in the cloud.

Yet the shift towards stronger data security should not be taken for granted. Thales and 451 Research stated 93 percent of firms will use sensitive data in an advanced technology environment, such as the cloud, this year. However, 63 percent also believed they were deploying these technologies without appropriate data security systems in place.

Business and security leaders should ensure their on-demand IT approach is matched with a strong security strategy. The deployment of service-based security tool sets, the classification of sensitive data within the cloud, and the use of information security across all advanced technology platforms are potential solutions for securing enterprise data.

Share this Article:
Mark Samuels

Tech Journalist

Mark Samuels is an experienced business technology journalist with an outstanding track record in research. He specializes in the role of chief information officers (CIOs) and is adept at helping executives understand the business benefits of complex technologies. Key areas of interest include innovation, digital transformation, cloud computing, mobility, information security, ecommerce and big data. Mark has written articles for national newspapers, including The Guardian, The Times and The Sunday Times. He has also produced features and columns for a range of IT trade publications, such as Computer Weekly, ZDNet, Tech Republic, IT Pro, Channel Pro, CBR and The Register.