The encryption maturity curve
Davey Winder puts forward a strategic business case for encryption.
Encryption in the cloud was only beaten by identity and access management, data discovery and data use within business applications. The chances are that cloud concerns will rise higher across this year, and that will be reflected in the next report. The exposure of the cloud as an enterprise essential to business managers in times of recession, cutting costs and increasing productivity, has led to a wider awareness of the risks of exposing unencrypted data within that cloud environment and a knock-on effect is to increase awareness of encryption within the enterprise outside of the usual IT department environs.
Encryption has almost become the marker of security posture and strength within the enterprise, and certainly in the boardroom. Organisations that deploy encryption are "more aware of threats to sensitive and confidential information" says Dr Larry Ponemon, chairman and founder of The Ponemon Institute who adds that "for the first time this year our study shows that more organisations say they have an encryption strategy than not."
While there is no denying that encryption has somewhat taken centre stage as far as being a strategic ITSec issue these days, it's not the whole story. "Key management remains a challenge that can rapidly escalate as the use of encryption and other uses of cryptography expand," warns Richard Moulds who is vice president of strategy at Ales e-Security. He continues: "The report shows a 25 per cent increase in spending on key management solutions as a proportion of encryption budgets."
Although key management has yet to overtake 'performance' as the key driver when it comes buying criteria, according to the report, it has risen up to second place this year. Some 38 per cent of those asked said they now have a formal key management strategy in place, and there's a high level of awareness surrounding new standards such as Key Management Interoperability Protocol (KMIP) that helps deploy centralised key management systems spanning multiple use cases and equipment vendors.
The encryption maturity curve
One of the reasons that some companies have still not employed encryption could well be the silver bullet myth that suggests that if you encrypt everything your data is somehow immune to harm.
That isn't the case, and those who have had their fingers burned (or heard about them) are wary of spending money on something that doesn't work. To make encryption work, as the savvy enterprise is starting to appreciate, you need to take a strategic approach to data protection and that means understanding not only what data actually needs to be protected but also where it needs protecting.
The non-strategic approach is still rife when it comes to technical implementation, if truth be told, with two thirds of those surveyed in the report using at least five different encryption technologies to secure data on laptops, in the cloud, within databases, across their networks and so on. Which is where the encryption maturity curve comes into play, according to Richard Moulds. "An encryption maturity curve is emerging with a shift of interest from relatively mature static technologies such as laptop and network encryption towards more sophisticated deployments that focus on encrypting data in applications as it is actually used," he says.
Choosing a collaboration platform
Eight questions every IT leader should askDownload now
Performance benchmark: PostgreSQL/ MongoDB
Helping developers choose a databaseDownload now
Customer service vs. customer experience
Three-step guide to modern customer experienceDownload now
Taking a proactive approach to cyber security
A complete guide to penetration testingDownload now