Click here to close now.




















Welcome!

Blog Feed Post

Thales and Ponemon Institute study shows increased use of encryption and further key management challenges

Plantation, FL - February 11, 2014 - Thales, leader in information systems and communications security, announces the publication of its latest 2013 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in executing data encryption policy.

More than 4,800 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan, Brazil and for the first time this year Russia, examining global encryption trends and regional differences in encryption usage. Results from the Russian survey showed adoption of encryption in the region to be very much in line with the rest of the countries surveyed. The report is now in its ninth year since its launch in 2005.

Key findings:

  • Steady increase in the deployment of encryption with 35% of organizations having an enterprise wide encryption strategy
  • Most organizations deploy encryption to lessen the impact of data breaches
  • The number one perceived threat to sensitive data is employee mistakes rather than external attack
  • Two biggest challenges faced by organizations executing a data encryption policy are knowing where sensitive data resides and managing the actual technology
  • Key management identified as a major issue by more than half of organizations
  • Organizations with the highest security posture are now three times more likely to have a formal encryption strategy than those with the lowest security posture

The results of the study show there has been a steady increase in the deployment of encryption solutions used by organizations over the past nine years, with 35% of organizations now having an encryption strategy applied consistently across the entire enterprise compared with 29% last year. The survey also indicated that only 14% of organizations surveyed do not have any encryption strategy compared with 22% last year.

For the first time the primary driver for deploying encryption in most organizations is to lessen the impact of data breaches, whereas in previous years the primary concern was protecting the organization's brand or reputation. Of those organizations that believe they have an obligation to disclose data breaches nearly half believe that encrypting their data provides a safe harbour that avoids the need to disclose that the actual breach occurred. The fastest growing reason as to why organizations are deploying encryption is to ensure they meet their commitments to their customers' privacy with 42% of organizations focussing on their customer's interests rather than for their own benefit, which has increased by 5% compared with last year.

The number one perceived threat to the exposure of sensitive or confidential data remains employee mistakes, according to 27% of respondents. When employee mistakes are combined with accidental system or process malfunctions, concerns over inadvertent exposure outweigh concerns over actual malicious attacks by more than 2 to1. Furthermore, forced disclosures triggered by e-discovery requests now represent the second highest perceived threat to the loss of sensitive data.

When asked about where encryption is used, organizations ranked backup tapes and databases as most important followed by network encryption and laptop encryption. Cloud encryption had a relatively low ranking compared with other encryption use cases ranking outside the top 10.

The two biggest challenges facing organizations executing a data encryption policy were discovering where sensitive data actually resides, reported by 61% of respondents, and the ability to deploy encryption technology effectively, reported by 50% of respondents. Key management was identified as a major issue with more than half of organizations surveyed rating the overall challenge associated with management of keys or certificates more than 7 on a scale of 1-10 (10 being highest) and 30% of organizations rated the challenge at 9 or 10. Whilst three quarters of organizations identified key management as a formal discipline within their organization, more than 70% of those organizations failed to allocate dedicated staff or tools to the task of managing keys.

The Key Management Interoperability Protocol (KMIP) standard that allows organizations to deploy centralized key management systems that span multiple use cases and equipment vendors, has already established a relatively high level of awareness among IT and IT security practitioners. KMIP is perceived to be of increasing importance and is expected to contribute to encryption and key management strategies specifically around cloud, storage and application-level encryption. More than half of those surveyed said that the KMIP standard was important in cloud encryption compared with 42% last year.

Hardware security modules (HSMs) are increasingly considered a critical component of a key management strategy. These devices are used to protect critical data processing activities and high value keys and can be used to strongly enforce security polices and access controls.

Dr Larry Ponemon, chairman and founder of The Ponemon Institute, says:
"Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption. For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms - especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems."

Richard Moulds, vice president strategy at Thales e-Security says:
"Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue. The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years' experience providing key management solutions. Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness."

Download your copy of the new Global Encryption Trends Study

Visit Thales at booth #909, RSA Conference, Moscone Center, San Francisco, February 24-28, 2014.

See demonstrations of Thales keyAuthority in the OASIS KMIP interoperability showcase booth #1909

For industry insight and view on the latest key management trends check out our blog at http://www.thales-esecurity.com/blogs

Follow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTube

About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Thales e-Security
Thales e-Security is a leading global provider of data encryption and cyber security solutions to the financial services, high technology manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 80 percent of worldwide payment transactions. Thales e-Security has offices in Australia, France, Hong Kong, Norway, United States and the United Kingdom. www.thales-esecurity.com

About Thales
Thales is a global technology leader for the Aerospace & Transportation and the Defence & Security markets. In 2012, the company generated revenues of €14.2 billion ($18.3 billion) with 65,000 employees in 56 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers and local partners. www.thalesgroup.com

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe's leading players in the security market. The Group's security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France and the United Kingdom.

Contact:
Dorothée Bonneil
Thales Media Relations - Security
+33 (0)1 57 77 90 89
[email protected]

Liz Harris
Thales e-Security Media Relations
+44 (0)1223 723612
[email protected]

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

Latest Stories
"We've just seen a huge influx of new partners coming into our ecosystem, and partners building unique offerings on top of our API set," explained Seth Bostock, Chief Executive Officer at IndependenceIT, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Digital Transformation is the ultimate goal of cloud computing and related initiatives. The phrase is certainly not a precise one, and as subject to hand-waving and distortion as any high-falutin' terminology in the world of information technology. Yet it is an excellent choice of words to describe what enterprise IT—and by extension, organizations in general—should be working to achieve. Digital Transformation means: handling all the data types being found and created in the organizat...
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducte...
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.
In a recent research, analyst firm IDC found that the average cost of a critical application failure is $500,000 to $1 million per hour and the average total cost of unplanned application downtime is $1.25 billion to $2.5 billion per year for Fortune 1000 companies. In addition to the findings on the cost of the downtime, the research also highlighted best practices for development, testing, application support, infrastructure, and operations teams.
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.