Today the Ponemon Institute released the findings of its 2016 Encryption Application Trends Study, sponsored by Thales eSecurity. This study, part of an annual survey covering over 5000 respondents in 14 major industry sectors and 11 countries, focuses on how encryption is being used in conjunction with business applications in order to protect data. The following are some interesting findings from this study.
Record rise in encryption usage
This year’s report highlighted the largest year-on-year increase in encryption usage in the 11 year history of the survey! See the chart below.
We believe the increased usage of encryption can be traced to many factors, chief among them being cyber-attacks, privacy compliance regulations and increasing concerns over protection of employee and customer data.
With the rise of the use of encryption has been an associated rise in the 'pain' associated with managing keys. However, organizations that use Hardware Security Modules (HSMs) report significantly lower levels of key management pain – a clear indication that the benefits of HSMs go beyond the most recognized benefit of stronger security and key protection, and extend into the operational realm by helping automate and simplify key management operations.
Importance of speed, cloud support, and policy
Not surprisingly, the features of encryption solutions that respondents find of highest value map to increased overall usage, as well as the growing use of the cloud. Performance, and support for both cloud and on-premise deployment, ranked first and second with respondents. Performance has always been a focus in the world of network encryption, but this high ranking across all applications sends a clear message that encryption must not slow down the applications that are vital to the business. And as organizations continue to increase their usage and dependence on the cloud for increasingly sensitive data and applications, the number 2 ranking for support for cloud indicates that organizations aren’t willing to accept completely separate encryption tools to support their cloud data protection needs, and instead expect on-premise solutions to extend their reach.
Front-running industries for encryption usage
Not surprisingly, heavily regulated industries that deal extensively with both financial and personal data topped the list of extensive encryption users. Financial Services, Healthcare, and Technology & Software companies ranked one, two, and three. However, the rise in encryption use across multiple industries indicates that encryption continues to be adopted as a best practice and an increasingly important layer in a data protection strategy. Encryption by its nature is data-centric, and valuable particularly as data proliferates to more and more locations such as mobile devices and the cloud because it effectively 'follows the data', and decreases dependence on (and supplements) infrastructure-centric protections.
Applications where encryption is used the most
Databases, internet communications (e.g. SSL/TLS) and laptop hard drives achieve a first, second or third place for encryption use for the vast majority of the industries that were surveyed. Additionally, the survey found that the top application where HSMs are used is with SSL/TLS – not a surprising finding given the fallout from Heartbleed and other SSL/TLS vulnerabilities that caused a lot of disruption over the past couple years.
Financial services and hospitality organizations report the highest HSM deployment rate for SSL/TLS. With respect to database encryption, financial services, technology & software and transportation organizations report the highest HSM deployment rate.
And there’s much more…
The study also contains data on deployment of encryption in the cloud, and attitudes regarding control of encryption keys and processes for the cloud. Some interesting variability was observed across different geographies as well as industry sectors, and is shown in the report.
Overall, the study reveals that significantly more companies are embracing an enterprise-wide encryption strategy and demanding higher levels of performance, cloud-friendliness and key management capabilities from their encryption applications. Is it time for your organization to rethink its strategy?
For access to the full report, click here.