Key Management a Barrier to Encryption Adoption
35% of those surveyed have an encryption strategy, compared to 29% of respondents last year.
For the first time, the primary reason for deploying encryption is to reduce the impact of beaches, whereas previously it was to protect an organization’s brand or reputation.
50% of those surveyed who encrypt their data believe it provides a safe harbor that makes it unnecessary to disclose a data breach.
42% of respondents say they deploy encryption for the sake of their customers’ privacy rather than for their own benefit, a 5% increase since 2012.
According to 27% of respondents, employee mistakes combined with system or process malfunctions result in concerns over inadvertent exposure. These factors outweigh concerns over malicious attacks by more than 2 to 1.
Organizations ranked backup tapes and databases as the most important for encryption protection, followed by networks and laptops. Cloud encryption did not rank in the top 10.
Discovering where sensitive data resides and the ability to effectively implement encryption technology were reported as the top biggest challenges by 61% and 50% of respondents, respectively.
More than half of those surveyed rated the challenge of managing keys or certificates a 7 on a scale of 1 to 10. 30% of organizations rated key management at 9 or 10.
Key Management Interoperability Protocol (KMIP) is expected to contribute to encryption and key management strategies around cloud, storage and application-level encryption. Over 50% of respondents say KMIP is important to cloud encryption, compared to 42% in 2012.
The report found that hardware security modules, devices to protect critical data processing activities and high-value keys, are increasingly considered a critical component of key management strategy.