The encryption maturity curve
Davey Winder puts forward a strategic business case for encryption.
Spending on encryption within the enterprise is increasing, and the latest Thales/Ponemon Global Encryption Trends Study suggests that it's now being seen more as a strategic business issue rather than just something for the IT department.
At the same time, separate research from Kaspersky Lab reveals that more than a third of companies do not use encryption at all.
The Kaspersky study, which questioned some 5,000 senior IT managers, produced some pretty disturbing numbers. Just over a third (34 per cent) are not using file and folder level encryption and 17 per cent have absolutely no plans to do so in the future. Some 36 per cent are not using full disk encryption and 18 per cent have no plans to do so.
This apparent lack of concern when it comes to security within the enterprise leaves corporate data at risk of exposure should a breach occur. Indeed, simply not employing the most basic safeguard of encryption is worrying at a business strategy level.
The historical record shows us that when a breach occurs, be that corporate espionage, accidental leakage or concerted hacker attack, the damage to business branding is far greater when the data stolen is left unencrypted. Where customer logins, passwords, financial data is exposed the risk to them individually is obvious, but the reputational ripple effect on any company that fails to take adequate measures to protect that data spreads much further and last longer.
Thankfully, according to the latest Ales and Ponemon Institute study into encryption trends, enterprises are increasingly viewing encryption and key management as being strategic business issues. What's more, businesses are increasing investment in encryption across the enterprise.
The Global Encryption Trends Study has a few things going in its favour, not least historical data stretching back over eight years now that provides a real insight into adoption rates and strategic trends. Indeed, it reveals that there has been a very steady increase in the deployment of encryption in the enterprise over those eight years - spending on encryption as a percentages of the overall IT security budget has risen from 10 per cent in 2005 to 18 per cent in 2012. One of the interesting changes is that rather than being driven purely by IT security professionals, it appears that there is a noticeable switch to encryption being perceived as a strategic issue amongst business leaders, with 'business managers' now becoming the most influential group when it comes to establishing an encryption strategy in the US for the first time for example. Of course, while business leaders are becoming more influential with regards to encryption use, IT leaders remain the most important link in the encryption determination chain globally for now.
However, this move to a strategic investment outside of the IT department shouldn't really come as any great surprise, given the amount of media coverage there has been of high profile data breaches at some very large concerns. The report reveals, however, that when it comes to most significant perceived threats to exposing sensitive data it is employee error, system malfunction and forced disclosure through legal e-discovery requests that outweigh concern over hackers and attackers.
Navigating the new normal: A fast guide to remote working
A smooth transition will support operations for years to comeDownload now
Putting a spotlight on cyber security
An examination of the current cyber security landscapeDownload now
The economics of infrastructure scalability
Find the most cost-effective and least risky way to scaleDownload now
IT operations overload hinders digital transformation
Clearing the path towards a modernised system of agreementDownload now