In-depth

The encryption maturity curve

Davey Winder puts forward a strategic business case for encryption.

Spending on encryption within the enterprise is increasing, and the latest Thales/Ponemon Global Encryption Trends Study suggests that it's now being seen more as a strategic business issue rather than just something for the IT department.

At the same time, separate research from Kaspersky Lab reveals that more than a third of companies do not use encryption at all.

The Kaspersky study, which questioned some 5,000 senior IT managers, produced some pretty disturbing numbers. Just over a third (34 per cent) are not using file and folder level encryption and 17 per cent have absolutely no plans to do so in the future. Some 36 per cent are not using full disk encryption and 18 per cent have no plans to do so.

This apparent lack of concern when it comes to security within the enterprise leaves corporate data at risk of exposure should a breach occur. Indeed, simply not employing the most basic safeguard of encryption is worrying at a business strategy level.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The historical record shows us that when a breach occurs, be that corporate espionage, accidental leakage or concerted hacker attack, the damage to business branding is far greater when the data stolen is left unencrypted. Where customer logins, passwords, financial data is exposed the risk to them individually is obvious, but the reputational ripple effect on any company that fails to take adequate measures to protect that data spreads much further and last longer.

Thankfully, according to the latest Ales and Ponemon Institute study into encryption trends, enterprises are increasingly viewing encryption and key management as being strategic business issues. What's more, businesses are increasing investment in encryption across the enterprise.

The Global Encryption Trends Study has a few things going in its favour, not least historical data stretching back over eight years now that provides a real insight into adoption rates and strategic trends. Indeed, it reveals that there has been a very steady increase in the deployment of encryption in the enterprise over those eight years - spending on encryption as a percentages of the overall IT security budget has risen from 10 per cent in 2005 to 18 per cent in 2012. One of the interesting changes is that rather than being driven purely by IT security professionals, it appears that there is a noticeable switch to encryption being perceived as a strategic issue amongst business leaders, with 'business managers' now becoming the most influential group when it comes to establishing an encryption strategy in the US for the first time for example. Of course, while business leaders are becoming more influential with regards to encryption use, IT leaders remain the most important link in the encryption determination chain globally for now.

However, this move to a strategic investment outside of the IT department shouldn't really come as any great surprise, given the amount of media coverage there has been of high profile data breaches at some very large concerns. The report reveals, however, that when it comes to most significant perceived threats to exposing sensitive data it is employee error, system malfunction and forced disclosure through legal e-discovery requests that outweigh concern over hackers and attackers.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020