For the past three years, we’ve seen a steady rise in the use of encryption to protect data and hardware security modules (HSMs) to protect business applications, with organizations responding to both technology shifts and changes in the threat environment.
This year, however, a new trend emerged. The findings of our most recent Global Encryption Trends Study, carried out in association with the Ponemon Institute, revealed record year-over-year growth in HSM usage from 41% in 2018 to 47%. In addition, almost half (45%) of organizations reported having a consistent, enterprise-wide encryption strategy, with businesses across the technology and software, communications and financial services sectors having the highest encryption use.
Encryption for data security
It’s not surprising that we’re seeing more encryption use to protect sensitive data. With mobile and cloud initiatives, sensitive data continues to end up in more and more places, and encryption with good key management is the best strategy to make sure that the protection follows the data. But what may surprise you is the chief threat to sensitive data. If you guessed external hackers or malicious insiders, guess again. The survey found that employee mistakes are by far the most significant threat to sensitive data – a greater threat than hackers and insiders COMBINED.
Encryption to the rescue? Well, yes and no. If an employee mistake results in sensitive data files being sent to a publicly accessible data store in the cloud, the data remains safe if the data was encrypted and the key is properly protected (that’s a very important “and”). But with the survey revealing that almost two-thirds of organizations use more than 6 different products that perform encryption, you could argue that such a large number of products and associated user interfaces also creates a situation where mistakes in the form of misconfigurations can easily be made, especially where many organizations report skill shortages in managing such products.
And you can certainly make the argument that it’s hard to enforce a consistent encryption and key management policy across a diverse set of products. It’s no wonder that 61% of survey respondents rate the pain of managing encryption keys at 7 or higher on a 10-point scale.
HSMs for application protection
But what about the applications and processes that actually control and perform things like data encryption? It’s also essential that they get their own form of protection.
That’s where HSMs come in, offering a certified and tamper-resistant environment for the cryptographic aspects of business processes like encryption and digital signing. HSM use reached an all-time high this year, with specific use cases of application-level encryption (48%) and TLS/SSL (45%) topping the charts. The diversity of HSM use cases was on full display, as traditional favorites like database encryption (36%) and PKI (29%) were joined by newer use cases like public cloud encryption (32%) and payment credential provisioning (30%) in the top 6.
We also saw significant growth in some previously lower-level HSM use cases: code signing, big data encryption, and IoT (Internet of Things) root of trust all jumped with double-digit growth into a range of 20-24% of the survey population. And 60% of the population identify HSMs as important to their encryption or key management strategy.
The growing importance of encryption for data protection and of HSMs to protect applications was on full display in this year’s survey. Check out the full report, the 2019 Global Encryption Trends Study, to benchmark your organization’s use of encryption and HSMs against the 14 countries/regions and 13 industries represented in this comprehensive survey of close to 6000 respondents. Questions or comments? You can find me on Twitter @johnrgrimm, or follow nCipher on Twitter, LinkedIn, and Facebook.