A new report by Thales e-Security and the Ponemon Institute has revealed the use of encryption within organizations is almost three-times greater than it was a decade ago, with 37% of the 5000 business and IT managers polled saying they have an encryption strategy in place across their entire enterprise. Despite this, the ‘2016 Global Encryption Trends Study’ found a significant amount of companies still have a lot of work to do regarding consistently applied encryption, especially when it comes to the cloud.
Peter Galvin, Vice President of strategy at Thales e-Security, said:
“As businesses increasingly turn to cloud services, we’re seeing a rapid rise in sensitive or confidential data being transferred to the cloud and yet only a third of respondents had an overall, consistently applied encryption strategy. Encryption is now widely accepted as best-practice for protecting data, and a good encryption strategy depends on well-implemented encryption and proper key management.”
More than half (57%) of respondents said that determining where their sensitive data resides is the biggest hurdle they face in deploying encryption. A company not knowing where/what its sensitive data is becomes a significant issue when you consider the security risks that come with an ever-increasing reliance on cloud-based services, which create more connectivity and endpoint devices. The danger here is that they also increase a company’s attack surface, effectively removing their ‘perimeter’ and leaving their network more vulnerable to attack from cyber-hackers.
“There is no perimeter,” Chester Wisniewski, Senior Security Advisor at Sophos told Infosecurity. “Today's most successful defenses depend upon data classification and acting on that classification. What data is sensitive to your company? Protect that first.”
It is concerning, then, to read that 56% of those polled are transferring sensitive or confidential data to the cloud regardless of whether or not it is encrypted or made unreadable with some other data masking, a figure expected to be as high as 84% from 2018 onwards.
David Kennerley, Senior Manager for threat research at Webroot said whilst large companies are discussing the importance of encryption on a daily basis and many unsecure protocols are being made redundant, the fact that such a high percentage admitted to transferring data without checking if it is encrypted is very surprising.
“Whether by choice or by accident, it is simply incredible to believe any organization would put its data at risk by transferring it insecurely when so many secure transfer methods and technologies exist. There is no excuse on this one.”