Deploying encryption technology remains a “significant challenge” for nearly half of businesses, with a further 61 percent saying encryption key management is “very painful”. That’s according to nCipher Security’s 2019 Global Encryption Trends report.
More painful yet: most respondents held employee mistakes – by a large margin – to be the greatest likely cause of sensitive data leaking: at 54 percent, this was notably ahead of the threat from hackers (30 percent) and malicious insiders (21 percent) combined.
What is so hard?
Data discovery, for starters, which was cited by 69 percent of respondents as the biggest challenge to executing a data encryption strategy.
The highest prevalence of an enterprise encryption strategy was reported in Germany (67 percent) followed by the United States (65 percent) and Australia (51 percent). Exactly half of UK respondents said their business has an encryption strategy.
With more data to encrypt and close to two-thirds of respondents deploying six or more separate products to encrypt it, policy enforcement (73 percent) was selected as the most important feature for encryption solutions.
“Cloud data protection requirements continue to drive encryption use, with encryption across both public and private cloud use cases growing over 2018 levels, and organizations prioritising solutions that operate across both enterprise and cloud environments”, nCipher Security said.
The company, which provides hardware security modules (HSMs) — hardware tools to securely store encryption keys — said HSM use grew at a record year-over-year level from 41 percent in 2018 to 47 percent, “indicating a requirement for a hardened, tamper-resistant environment with higher levels of trust”.
With public cloud providers making a major push into HSM management on behalf of clients, the report found that 37 percent now rent/use HSMs from cloud providers. The majority, however, still prefer to keep their HSMs in-house.
Key management was a particular pain-point for UK enterprises, the survey showed, with France least affected by the issues.
nCipher’s John Grimm, Senior Director Strategy and Business Development, told Computer Business Review: “From the survey data, the big factor I see is the France does not seem to suffer from the lack of personnel skilled in key management.”
“The rating of ‘lack of skilled personnel’ as a contributor to key management pain in France was half (31 percent) of the global average (62 percent), and in fact the lowest of the 14 countries/regions in the survey. There are couple other indicators as well, such as use of fewer different encryption products than the UK, and lower adoption than the UK of encryption use cases where key management is less mature such as big data encryption and IoT encryption, that would also tend to lessen key management pain.”
“But it looks like the lack-of-skill factor has the strongest direct relationship to the higher key management pain.”
Payment-related data and financial records are most likely to be encrypted, on average. The least likely data type to be encrypted is health-related information the report — based on a survey of 5,856 individuals across 14 countries — found.