Encryption has become a strategic rather than IT issue

Sponsored by Thales and undertaken by the Ponemon Institute, the encryption trends study looks at how encryption is used within business. One of the key findings is that while IT leaders are generally still the most influential in setting the encryption agenda, non-IT leaders are increasing their influence. This may be because fear of accidental disclosure of sensitive information outweighs the fear of direct attack by malicious insiders or external hackers by a ratio of more than 2 to 1.

This in turn suggests that compliance regulators are possibly more successful at pressing security than companies’ own IT departments: the main drivers for the use of encryption are to protect brand reputation and to reduce the impact of data breaches. In countries where there is no compulsory breach notification law, but where there is an aggressive data protection regime – such as the UK and France – the primary motivation is more directly to comply with data security regulations and requirements.

This is particularly relevant to the growing use of cloud computing and especially cloud storage. Governments are simultaneously encouraging the use of cloud for both public and private organizations while also warning about security and suggesting that encryption might be the solution. According to this latest survey, the importance of using encryption to protect data in cloud environments rose significantly from last year’s survey – up from 12th position to fourth.

“Encryption,” confirms Richard Moulds, vice president strategy at Thales e-Security, “is taking center stage as a strategic IT security issue, in order to mitigate the risk of data breaches and cyber-attacks and to protect an organization’s brand, reputation and credibility.” The growing importance placed on encryption is demonstrated by an increase in spending over the last eight years, where the percentage of security budget devoted to encryption has almost doubled from 10% to 18%.

Noticeably there is also an increasing understanding of the importance of formal key management strategies to increase efficiency and reduce operational cost, particularly in Germany and Japan. This again suggests that encryption is being viewed as part of business strategy rather than merely an IT solution. “For the first time this year,” commented Dr Larry Ponemon, chairman and founder of The Ponemon Institute, “our study shows that more organizations say they have an encryption strategy than not – another clear indication that encryption is now seen as a strategic issue.”

What’s hot on Infosecurity Magazine?