The encryption maturity curve

Davey Winder puts forward a strategic business case for encryption.

Encryption in the cloud was only beaten by identity and access management, data discovery and data use within business applications. The chances are that cloud concerns will rise higher across this year, and that will be reflected in the next report. The exposure of the cloud as an enterprise essential to business managers in times of recession, cutting costs and increasing productivity, has led to a wider awareness of the risks of exposing unencrypted data within that cloud environment and a knock-on effect is to increase awareness of encryption within the enterprise outside of the usual IT department environs.

Encryption has almost become the marker of security posture and strength within the enterprise, and certainly in the boardroom. Organisations that deploy encryption are "more aware of threats to sensitive and confidential information" says Dr Larry Ponemon, chairman and founder of The Ponemon Institute who adds that "for the first time this year our study shows that more organisations say they have an encryption strategy than not."

While there is no denying that encryption has somewhat taken centre stage as far as being a strategic ITSec issue these days, it's not the whole story. "Key management remains a challenge that can rapidly escalate as the use of encryption and other uses of cryptography expand," warns Richard Moulds who is vice president of strategy at Ales e-Security. He continues: "The report shows a 25 per cent increase in spending on key management solutions as a proportion of encryption budgets."

Although key management has yet to overtake 'performance' as the key driver when it comes buying criteria, according to the report, it has risen up to second place this year. Some 38 per cent of those asked said they now have a formal key management strategy in place, and there's a high level of awareness surrounding new standards such as Key Management Interoperability Protocol (KMIP) that helps deploy centralised key management systems spanning multiple use cases and equipment vendors.

The encryption maturity curve

One of the reasons that some companies have still not employed encryption could well be the silver bullet myth that suggests that if you encrypt everything your data is somehow immune to harm.

Advertisement - Article continues below

That isn't the case, and those who have had their fingers burned (or heard about them) are wary of spending money on something that doesn't work. To make encryption work, as the savvy enterprise is starting to appreciate, you need to take a strategic approach to data protection and that means understanding not only what data actually needs to be protected but also where it needs protecting.

The non-strategic approach is still rife when it comes to technical implementation, if truth be told, with two thirds of those surveyed in the report using at least five different encryption technologies to secure data on laptops, in the cloud, within databases, across their networks and so on. Which is where the encryption maturity curve comes into play, according to Richard Moulds. "An encryption maturity curve is emerging with a shift of interest from relatively mature static technologies such as laptop and network encryption towards more sophisticated deployments that focus on encrypting data in applications as it is actually used," he says.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019