How trustworthy is your cloud provider?
That’s the question many security personnel ask themselves, as cloud adoption continues apace. According to Thales’ 2017 Global Encryption Trends Study (carried out by Ponemon Institute), enterprises have accelerated adoption of encryption strategies in response to cloud adoption, with 41% of respondents saying their organization has an encryption strategy applied consistently across the enterprise.
About 67% of respondents take one of two routes: they either perform encryption on premise prior to sending data to the cloud, or encrypt in the cloud using keys they generate and manage on premises. But a full 37% said their organizations turn over complete control of keys and encryption processes to the cloud providers themselves.
Other critical findings demonstrate organizations continue to show a preference for control over encryption and key management when those activities migrate to the cloud. About a third (31%) are using or planning to use hardware security modules (HSMs) with bring your own key (BYOK) deployments, with 20% claiming the same for cloud access security broker (CASB) deployments.
Use of HSMs among organizations grew to its highest level ever, at 38%; of those respondents, 48% own and operate HSMs on-premise in support of cloud-based applications. Overall, usage of HSMs with CASBs is expected to double in the next 12 months (from 12% to 24%).
Also, for the first time in the study’s 12-year history, business unit leaders have a higher influence over encryption strategy than IT operations.
“This year’s findings align with key trends demonstrating an increased reliance on the cloud, ever-evolving internal and external threats, and new data sources mandating stronger protection,” said John Grimm, senior director of security strategy at Thales e-Security. “The survey further reinforces that cloud key management offerings are more important than ever—and business-leader involvement is crucial to a sound security strategy.”
And no wonder: At 55%, compliance is the top driver for encryption—followed closely by protecting enterprise intellectual property (51%), customer information protection (49%) and protection from external threats (49%).
“The accelerated growth of encryption strategies in business underscores the proliferation of mega-breaches and cyberattacks, as well as the need to protect a broadening range of sensitive data types,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Simply put, the stakes are too high for organizations to stand by and wait for an attack to happen to them before introducing a sophisticated data protection strategy. Encryption and key management continue to play critical roles in these strategies.”