The encryption maturity curve

Davey Winder puts forward a strategic business case for encryption.

Encryption in the cloud was only beaten by identity and access management, data discovery and data use within business applications. The chances are that cloud concerns will rise higher across this year, and that will be reflected in the next report. The exposure of the cloud as an enterprise essential to business managers in times of recession, cutting costs and increasing productivity, has led to a wider awareness of the risks of exposing unencrypted data within that cloud environment and a knock-on effect is to increase awareness of encryption within the enterprise outside of the usual IT department environs.

Encryption has almost become the marker of security posture and strength within the enterprise, and certainly in the boardroom. Organisations that deploy encryption are "more aware of threats to sensitive and confidential information" says Dr Larry Ponemon, chairman and founder of The Ponemon Institute who adds that "for the first time this year our study shows that more organisations say they have an encryption strategy than not."

While there is no denying that encryption has somewhat taken centre stage as far as being a strategic ITSec issue these days, it's not the whole story. "Key management remains a challenge that can rapidly escalate as the use of encryption and other uses of cryptography expand," warns Richard Moulds who is vice president of strategy at Ales e-Security. He continues: "The report shows a 25 per cent increase in spending on key management solutions as a proportion of encryption budgets."

Although key management has yet to overtake 'performance' as the key driver when it comes buying criteria, according to the report, it has risen up to second place this year. Some 38 per cent of those asked said they now have a formal key management strategy in place, and there's a high level of awareness surrounding new standards such as Key Management Interoperability Protocol (KMIP) that helps deploy centralised key management systems spanning multiple use cases and equipment vendors.

The encryption maturity curve

One of the reasons that some companies have still not employed encryption could well be the silver bullet myth that suggests that if you encrypt everything your data is somehow immune to harm.

That isn't the case, and those who have had their fingers burned (or heard about them) are wary of spending money on something that doesn't work. To make encryption work, as the savvy enterprise is starting to appreciate, you need to take a strategic approach to data protection and that means understanding not only what data actually needs to be protected but also where it needs protecting.

The non-strategic approach is still rife when it comes to technical implementation, if truth be told, with two thirds of those surveyed in the report using at least five different encryption technologies to secure data on laptops, in the cloud, within databases, across their networks and so on. Which is where the encryption maturity curve comes into play, according to Richard Moulds. "An encryption maturity curve is emerging with a shift of interest from relatively mature static technologies such as laptop and network encryption towards more sophisticated deployments that focus on encrypting data in applications as it is actually used," he says.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021