A recent study, conducted by the Enterprise Strategy Group and sponsored by Everything Blockchain and, sheds light on the current state and future trajectory of encryption. As organizations grapple with the challenges of securing their digital assets, encryption emerges as the centerpiece in this dynamic landscape. Below are some of the key findings uncovered across three critical data use cases: data at rest, data in motion, and data in use.
This study sought to:
Data at rest, often residing in various digital forms such as cloud storage, databases, or mobile devices, sees an average encryption rate of 60%. However, the study predicts a substantial increase to 78% within the next 24 months. This proactive approach to securing dormant data reflects a growing awareness of the potential risks associated with data breaches and unauthorized access.
Similarly, data in motion, traversing networks and services, is encrypted at an average rate of 59%, with an anticipated rise to 77% in the next two years. This trend underscores the increasing emphasis on safeguarding information as it journeys between locations, whether through private networks or the vast expanse of the internet.
The encryption of data in use, actively processed or accessed by systems, currently stands at 60%, with an expected climb to 77% in the near future. As organizations recognize the vulnerabilities associated with data in its active state, encryption emerges as a pivotal solution to mitigate potential risks.
The ubiquitous nature of public cloud services has catalyzed the migration of sensitive data assets. Currently, 51% of an organization’s sensitive data resides in the cloud, a figure projected to grow to 68% within the next 24 months. Astonishingly, 4% of organizations already store all their sensitive data in the cloud, a number expected to triple to 13%.
Encryption plays a crucial role in securing cloud-resident sensitive data, with 68% of organizations employing encryption as the second most frequently used security technology, just behind cloud security management tools.
While cloud deployment is the preferred choice for many organizations due to its flexibility and scalability, a significant majority opts for a hybrid cryptographic infrastructure. Cloud-based key management systems (KMSs) and hardware security modules (HSMs) are increasingly favored, but a hybrid approach that combines both cloud-based and on-premises solutions prevails.
Challenges associated with migrating cryptographic infrastructure to the cloud are often rooted in internal operating issues, with 26% of organizations citing a lack of cybersecurity staff. The global cybersecurity skills shortage compounds these challenges, leading to encryption tasks falling down the priority list.
Despite these challenges, 71% of organizations have adopted a formal cryptographic program, indicating the strategic importance placed on encryption. A dedicated encryption team, reporting to the C-level in 63% of cases, underscores the critical role encryption plays in organizational security.
Encryption is not confined to a specific team; rather, it involves collaboration across various groups within an organization. While the security team takes the lead in creating policies for secrets management, certificate management, and encryption, other groups such as regulatory compliance, networking, lines of business, and legal are integral to the process.
The increasing prevalence of data exposure through cyber attacks and the looming specter of quantum computing have heightened awareness of encryption’s role in enhancing data security. Notably, 87% of organizations expect to increase their spending on encryption technologies in the next 12 months, with nearly a third classifying this increase as significant.
Recognizing the need for uniform implementation of encryption, especially in the context of post-quantum cryptography, organizations are shifting their key management strategies. While distributed and federated key management is currently prevalent in three-quarters of organizations, 32% plan to invest their increased encryption budget into a comprehensive, unified key management solution.
As the digital landscape continues to evolve, encryption emerges as a cornerstone in the defense against cyber threats. The findings from this study illustrate a clear trend: organizations are increasingly recognizing the importance of encryption across various data use cases, especially in the cloud.
The collaborative efforts of dedicated encryption teams, coupled with a strategic approach to key management, signal a proactive stance in securing sensitive information. In the face of growing cybersecurity challenges, encryption stands as a beacon of digital resilience, providing organizations with the tools to safeguard their most valuable asset—data.
*** This is a Security Bloggers Network syndicated blog from EB Control authored by Lars Nyman. Read the original post at: https://ebcontrol.io/blog-post/the-evolution-of-encryption-in-a-cloud-centric-world/