Key Management a Barrier to Encryption Adoption
-
Encryption Deployment Is Rising Steadily
35% of those surveyed have an encryption strategy, compared to 29% of respondents last year. -
Top Driver For Encryption: Reducing Data Breaches
For the first time, the primary reason for deploying encryption is to reduce the impact of beaches, whereas previously it was to protect an organization's brand or reputation. -
Encrypting Data But Not Disclosing Breaches
50% of those surveyed who encrypt their data believe it provides a safe harbor that makes it unnecessary to disclose a data breach. -
Fastest Growing Reason for Deploying Encryption
42% of respondents say they deploy encryption for the sake of their customers' privacy rather than for their own benefit, a 5% increase since 2012. -
Top Threat Remains Mistakes by Employees
According to 27% of respondents, employee mistakes combined with system or process malfunctions result in concerns over inadvertent exposure. These factors outweigh concerns over malicious attacks by more than 2 to 1. -
Backup Tapes and Databases Most Need Encryption
Organizations ranked backup tapes and databases as the most important for encryption protection, followed by networks and laptops. Cloud encryption did not rank in the top 10. -
Two Biggest Challenges for Data Encryption Policies
Discovering where sensitive data resides and the ability to effectively implement encryption technology were reported as the top biggest challenges by 61% and 50% of respondents, respectively. -
Key Management Remains a Major Issue
More than half of those surveyed rated the challenge of managing keys or certificates a 7 on a scale of 1 to 10. 30% of organizations rated key management at 9 or 10. -
Key Management Interoperability Protocol Is Increasingly Important
Key Management Interoperability Protocol (KMIP) is expected to contribute to encryption and key management strategies around cloud, storage and application-level encryption. Over 50% of respondents say KMIP is important to cloud encryption, compared to 42% in 2012. -
Hardware Security Modules Are Critical to Key Management
The report found that hardware security modules, devices to protect critical data processing activities and high-value keys, are increasingly considered a critical component of key management strategy.
Use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and cyber-attacks, but implementing data encryption policy remains a major challenge, according to a recent Ponemon Institute report. "For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge, but questions should be asked about the broader topics of policy issues and choice of encryption algorithms," says Larry Ponemon, the institute's chairman and founder. Ponemon adds that these questions are especially pressing in light of recent concerns over back doors, poorly implemented cryptosystems and key management systems. The 2014 study, "Global Encryption Trends," was sponsored by Thales, an information systems and communications security firm. To examine global encryption trends and regional differences, 4,800 business and IT managers were surveyed in the U.S., U.K., Germany, France, Australia, Japan, Brazil and, for the first time, Russia. To read the full report (registration required), click here.