Data encryption strategies become mainstream as the amount of cloud-based data grows
The number of organizations consistently applying a data encryption strategy has risen sharply in the space of a year, while many are finding it easier to locate the data they need for their work.
Organizations saying they have a cohesive enterprise-wide encryption strategy in the Middle East rose from 29% to 63% between last year and this year, as many seek greater control over dispersed data cloud-based.
These are the main findings of a recent survey of security and IT professionals, which was conducted by the Ponemon Institute.
The study involved 6,000 companies from various industries and countries, including the United Arab Emirates and Saudi Arabia, and the response indicated that many are prioritizing their investments in digital security to regain control of data in dynamic cloud environments and growing cybersecurity threats.
Jump the gap
Although they have seen a steady level of adoption over the past few years amid the growing prevalence of cloud-based systems, encryption strategies have now become the go-to part of fintech, especially in the Middle East. East, where the rate of consistent application within a company jumped dramatically from 29% to 63%.
Similarly, 70% of respondents in the Middle East rated their senior executives’ level of support for enterprise-wide encryption strategy as “significant” or “very significant.”
The data also shows a significant 39% decrease in the number of people struggling to locate the right data; be identified as one of the key challenges in planning and executing an effective data encryption strategy.
“With an unprecedented amount of cybersecurity threats challenging organizations today, coupled with dynamic new cloud environments, it has never been more important to have an enterprise-wide encryption strategy in place. “, comments Hamid QurechiRegional Sales Manager, Middle East, Africa and South Asia at Entrust.
“This [report] is indicative of a new awakening to the need for more consistent and proactive data security.
While the results indicate that organizations have moved from assessing the problem to taking action, they also reveal gaps in the implementation of encryption across many categories of sensitive data.
For example, while half of respondents in the Middle East say encryption is widely deployed in containers, only 31% say the same for big data repositories and 32% on IoT platforms.
Similarly, while 71% consider hardware security modules (HSMs) an important part of an encryption and key management strategy, 37% still do not have an HSM.
These results highlight the acceleration of digital transformation underpinned by the move to the cloud, as well as the increased focus on data protection.
Enterprises seek greater control over their cloud data
The sensitive nature of data stored in multiple cloud environments requires companies to strengthen their security strategy. This notably includes containerized applications, where HSM usage has reached an all-time high of 35%.
More than half of Middle Eastern respondents to the report admitted that their organizations transfer sensitive or confidential data to the cloud, whether or not it is encrypted or rendered unreadable through some other mechanism such as tokenization or data masking. .
Worryingly, an additional 23% said they expected to do so within one to two years.
“The growing adoption of multi-cloud environments, containers and serverless deployments, as well as IoT platforms, is creating a new kind of IT security headache for many organizations,” Qureshi added.
“This is compounded by the growth of ransomware and other cybersecurity attacks. This year’s research shows that organizations respond by seeking to maintain control over encrypted data rather than letting platform providers manage it. to secure.
When it comes to protecting some or all of their data at rest in the cloud, 41% of respondents in the Middle East said encryption is done in the cloud using keys generated and managed by the cloud provider; an improvement from the 28% recorded in 2021.
A further 32% said encryption was done on-premises before sending data to the cloud using keys generated and managed by their organization, while a quarter used some form of Bring Your Own (BYOK) approach. key). These two models remained at the same level as last year’s results.
Together, these results indicate that the benefits of cloud computing outweigh the risks associated with moving sensitive or confidential data to the cloud, but also that encryption and data protection in the cloud are handled more directly.
The employee threat to sensitive data
In terms of threat sources, respondents identified employee error as the top threat that could lead to exposure of sensitive data, although this figure is only down 2% from the last year.
Threat from temporary or contract workers increased by 10% to highest level on record; reaching 42 percent. The other top-ranked threats identified were system or process malfunction (19%) and hackers (33%).
These results make it clear that threats come from all directions, so it’s distressing but not surprising that 64% of respondents in the Middle East admitted to having experienced at least one data breach in 2020, and roughly half (49%) to have experienced one. over the past 12 months.
“In 17 years of conducting this study, we have seen fundamental changes across the industry. Findings from the Entrust 2022 Global Encryption Trends study indicate that organizations are more proactive with cybersecurity rather than simply reactive,” said Dr. Larry Pomonpresident and founder of the Ponemon Institute.
“While the sentiment is very positive, the results also indicate an increasingly complex and dynamic IT landscape with growing risks that require a practical approach to data security and a pressing need to turn cybersecurity strategies into action as needed. as soon as possible. ”
“As more enterprises migrate applications across multi-cloud deployments, monitoring this activity is necessary to ensure security policies are enforced and compliance with regulatory requirements. Likewise, encryption is essential to protect company and customer data. It’s encouraging to see such a big leap in enterprise-wide adoption,” said Cindy Provin, SVP for Identity and Data Protection at Entrust.
“However, encryption management and associated key protection are growing issues as organizations use multiple cloud services for critical functions. As the workforce becomes more transient, organizations need a holistic approach to security based on identity, zero trust, and strong encryption rather than older models that rely on perimeter security and passwords.