Now in its 13th year, our Global Encryption Trends Study that is performed by the Ponemon Institute reveals interesting findings that span a dozen different geographies. This year, we found that multi-cloud use as well as compliance requirements have encouraged organizations around the globe to embrace a more extensive encryption strategy. Our study also found that these two key drivers along with protection of information against specific, identified threats are ushering in a new era of encryption and key management in France.
Below I have highlighted other key trends revealed in the 2018 France Encryption Trends Study.
The State of Encryption in France
The report reveals that organizations in France are increasingly adopting encryption to address escalating needs to protect sensitive information from internal/external threats and accidental disclosure, with 40% of respondents saying they have an encryption strategy applied consistently across their organizations. Even though this is slightly below the global average of 43%, the top valued features of encryption solutions in France indicate rigorous practices to protect encryption keys and cryptographic operations where they are used. These include:
- Tamper resistance by dedicated hardware: 90% (highest of all countries in the survey)
- Formal product security certifications (e.g., FIPS 140): 80% (highest of all countries in the survey)
- System performance and latency: 77%
- Management of keys: 71%
- Support for both cloud and on-premises deployment: 71%
The survey also found that system or process malfunction (42%) tops the list of perceived threats to sensitive data rather than hackers (30%) in second place. In the vast majority of countries, employee mistakes top this list of threats, however in France they are fourth at 27%, behind temporary or contract workers (29%) which came in third. As in all other countries surveyed for the study, in France data discovery is rated as the top challenge area in planning an encryption strategy.
Targeting the Most Sensitive Data
The survey revealed that companies in France encrypt data at rates that exceed the global averages for most data types. The rates of encryption for specific data types are:
- Payment-related data: 62% (global average 54%)
- Intellectual property: 61% (global average 52%)
- Financial records: 59% (global average 50%)
- Employee/HR data: 58% (global average 53%)
- Customer information: 56% (highest level of all countries, and 13% higher than global average)
- Healthcare information: 51% (25% higher than global average)
Additionally, the encryption use cases in France that grew the most since last year are: public cloud services (up 16%); laptop hard drives (up 13%); and cloud gateways (up 7%).
Cloud Use is On the Rise
There is a no question that France is experiencing a steady growth of cloud-based encryption. In fact, 80% of respondents in France either use the cloud for sensitive/non-sensitive applications and data today, or will do so in the next 12-24 months; 71% use more than one public cloud provider, and 77% plan to in the next two years. Notably, the increased use of multiple cloud providers has organizations managing a higher number of encryption deployments, which in turn is causing a greater need for skilled personnel to handle key management.
Furthermore, 50% of organizations indicate they will only use keys for data-at-rest encryption that they control. Fifty-seven percent of organizations that use hardware security modules (HSMs) in conjunction with public cloud-based applications prefer to own/operate those HSMs on-premises, which is the highest of all countries.
Key Management and HSMs
Both key management solutions including HSMs as well as encryption applications have an important role to play in data protection initiatives. Performance, enforcement of policy, support for emerging algorithms and key management are top of mind as encryption use grows.
In France, HSMs were rated as either very important or important today by 53% of respondents, and by 63% of respondents over the next 12 months. HSM use is 43%, which is 2% above the global average. In fact, the use of HSMs is expected to grow significantly over the next year for several core use cases including payment transaction processing (45% and projected to grow 15% in the next 12 months), application level encryption (39%), SSL/TLS (39%) and public cloud encryption (34%).