Welcome!

Blog Feed Post

Thales and Ponemon Institute study shows increased use of encryption and further key management challenges

Plantation, FL - February 11, 2014 - Thales, leader in information systems and communications security, announces the publication of its latest 2013 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, reveals that use of encryption continues to grow in response to consumer concerns, privacy compliance regulations and on-going cyber-attacks and yet there are still major challenges in executing data encryption policy.

More than 4,800 business and IT managers were surveyed in the US, UK, Germany, France, Australia, Japan, Brazil and for the first time this year Russia, examining global encryption trends and regional differences in encryption usage. Results from the Russian survey showed adoption of encryption in the region to be very much in line with the rest of the countries surveyed. The report is now in its ninth year since its launch in 2005.

Key findings:

  • Steady increase in the deployment of encryption with 35% of organizations having an enterprise wide encryption strategy
  • Most organizations deploy encryption to lessen the impact of data breaches
  • The number one perceived threat to sensitive data is employee mistakes rather than external attack
  • Two biggest challenges faced by organizations executing a data encryption policy are knowing where sensitive data resides and managing the actual technology
  • Key management identified as a major issue by more than half of organizations
  • Organizations with the highest security posture are now three times more likely to have a formal encryption strategy than those with the lowest security posture

The results of the study show there has been a steady increase in the deployment of encryption solutions used by organizations over the past nine years, with 35% of organizations now having an encryption strategy applied consistently across the entire enterprise compared with 29% last year. The survey also indicated that only 14% of organizations surveyed do not have any encryption strategy compared with 22% last year.

For the first time the primary driver for deploying encryption in most organizations is to lessen the impact of data breaches, whereas in previous years the primary concern was protecting the organization's brand or reputation. Of those organizations that believe they have an obligation to disclose data breaches nearly half believe that encrypting their data provides a safe harbour that avoids the need to disclose that the actual breach occurred. The fastest growing reason as to why organizations are deploying encryption is to ensure they meet their commitments to their customers' privacy with 42% of organizations focussing on their customer's interests rather than for their own benefit, which has increased by 5% compared with last year.

The number one perceived threat to the exposure of sensitive or confidential data remains employee mistakes, according to 27% of respondents. When employee mistakes are combined with accidental system or process malfunctions, concerns over inadvertent exposure outweigh concerns over actual malicious attacks by more than 2 to1. Furthermore, forced disclosures triggered by e-discovery requests now represent the second highest perceived threat to the loss of sensitive data.

When asked about where encryption is used, organizations ranked backup tapes and databases as most important followed by network encryption and laptop encryption. Cloud encryption had a relatively low ranking compared with other encryption use cases ranking outside the top 10.

The two biggest challenges facing organizations executing a data encryption policy were discovering where sensitive data actually resides, reported by 61% of respondents, and the ability to deploy encryption technology effectively, reported by 50% of respondents. Key management was identified as a major issue with more than half of organizations surveyed rating the overall challenge associated with management of keys or certificates more than 7 on a scale of 1-10 (10 being highest) and 30% of organizations rated the challenge at 9 or 10. Whilst three quarters of organizations identified key management as a formal discipline within their organization, more than 70% of those organizations failed to allocate dedicated staff or tools to the task of managing keys.

The Key Management Interoperability Protocol (KMIP) standard that allows organizations to deploy centralized key management systems that span multiple use cases and equipment vendors, has already established a relatively high level of awareness among IT and IT security practitioners. KMIP is perceived to be of increasing importance and is expected to contribute to encryption and key management strategies specifically around cloud, storage and application-level encryption. More than half of those surveyed said that the KMIP standard was important in cloud encryption compared with 42% last year.

Hardware security modules (HSMs) are increasingly considered a critical component of a key management strategy. These devices are used to protect critical data processing activities and high value keys and can be used to strongly enforce security polices and access controls.

Dr Larry Ponemon, chairman and founder of The Ponemon Institute, says:
"Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption. For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms - especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems."

Richard Moulds, vice president strategy at Thales e-Security says:
"Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue. The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years' experience providing key management solutions. Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness."

Download your copy of the new Global Encryption Trends Study

Visit Thales at booth #909, RSA Conference, Moscone Center, San Francisco, February 24-28, 2014.

See demonstrations of Thales keyAuthority in the OASIS KMIP interoperability showcase booth #1909

For industry insight and view on the latest key management trends check out our blog at http://www.thales-esecurity.com/blogs

Follow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTube

About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Thales e-Security
Thales e-Security is a leading global provider of data encryption and cyber security solutions to the financial services, high technology manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 80 percent of worldwide payment transactions. Thales e-Security has offices in Australia, France, Hong Kong, Norway, United States and the United Kingdom. www.thales-esecurity.com

About Thales
Thales is a global technology leader for the Aerospace & Transportation and the Defence & Security markets. In 2012, the company generated revenues of €14.2 billion ($18.3 billion) with 65,000 employees in 56 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers and local partners. www.thalesgroup.com

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe's leading players in the security market. The Group's security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Drawing on its strong cryptographic capabilities, Thales is one of the world leaders in cybersecurity products and solutions for critical state and military infrastructures, satellite networks and industrial and financial companies. With a presence throughout the entire security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, intrusion detection and architecture design to system certification, development and through-life management of products and services, and security supervision with Security Operation Centres in France and the United Kingdom.

Contact:
Dorothée Bonneil
Thales Media Relations - Security
+33 (0)1 57 77 90 89
[email protected]

Liz Harris
Thales e-Security Media Relations
+44 (0)1223 723612
[email protected]

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

Latest Stories
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Virtualization over the past years has become a key strategy for IT to acquire multi-tenancy, increase utilization, develop elasticity and improve security. And virtual machines (VMs) are quickly becoming a main vehicle for developing and deploying applications. The introduction of containers seems to be bringing another and perhaps overlapped solution for achieving the same above-mentioned benefits. Are a container and a virtual machine fundamentally the same or different? And how? Is one techn...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, will discuss new ways of thinking and the approaches needed to address the emerging challenges of securit...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, will posit that disruption is inevitable for c...
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.