Encryption Finally Gaining Widespread Enterprise Adoption

A Ponemon survey reports that encryption use by companies jumped 7 percent to 41 percent, the largest increase in the 11-year history of the report.

For a long time, encryption was like drinking prune juice or taking castor oil for employees in an enterprise—they only used it when they absolutely had to.

No so anymore. Encryption for data storage and email security is now almost mainstream within enterprises, largely because: a) internal and cyber-security issues are at an all-time high; and b) security companies have been working hard to make encryption and key management easier to use.

New evidence of this trend comes from cybersecurity software maker Thales e-Security, which recently revealed the findings of its 2016 Encryption Application Trends Study.

The report, released June 28 and based on independent research by the Ponemon Institute, notes the biggest users of encryption are companies in financial services, health care and pharmaceutical and technology and software industries. Because highly regulated financial and personal healthcare data is so sensitive in nature, it is logical they would be leading the way in using encryption.

However, the key takeway in the study is this: Companies across the board reported that extensive use of encryption jumped a full 7 percent to a total of 41 percent, the largest increase in the 11-year history of this report.

Trends: More and Better Encryption and Key Management, Trust in Cloud

The Thales-Ponemon study takes in a good sampling. It is part of an annual survey of more than 5,000 individuals covering 14 major industry sectors and 11 countries; it focuses on how encryption is being used in conjunction with business applications to protect data and allows companies to benchmark their use of encryption against companies in similar industry sectors and geographies.

"This report primarily shows clear trends toward more and better encryption, easier and more efficient key management, and more organizations moving more aggressively to the cloud," Peter Galvin, vice president of strategy at Thales, told eWEEK.

This matches up with what eWEEK has been seeing in the security space for a couple of years.

"The increased usage of encryption can be traced to many factors, chief among them being cyber-attacks, privacy compliance regulations and consumer concerns," said John Grimm, senior director of security strategy at Thales. "The continuing rise of cloud computing as well as prominent news stories related to encryption and access to associated keys have caused organizations to evolve their strategy with respect to encryption key control and data residency.

"Our global research shows that significantly more companies are embracing an enterprisewide encryption strategy, and demanding higher levels of performance, cloud-friendliness and key management capabilities from their encryption applications," he said.

Key Takeaways from Survey

Here are the key data points from the survey:

-- Companies reporting extensive use of encryption jumped 7 percent up to a total of 41 percent, the largest increase in the 11-year history of this report.

-- Performance and latency are now considered the most critical features of encryption applications, reflecting increased encryption adoption and the need to assure IT managers it does not interfere with business operations.

-- Support for both cloud and on-premise deployment ascended to the second most important feature of encryption applications, reflecting the increased move to the cloud and requirements for cryptographic services that span seamlessly from the enterprise to the cloud.

-- Databases, internet communications (SSL/TLS) and laptop hard drives consistently top the list of areas where encryption is most frequently used.

-- Companies that are more mature with respect to their encryption strategy are more likely to deploy hardware security modules (HSMs) across a wide array of encryption applications. HSMs are most frequently used in conjunction with SSL/TLS, database encryption and application-level encryption.

-- For cloud data protection, financial services companies apply encryption to data at rest and exert sole organizational control over encryption keys at rates that significantly exceed averages across all industries.

Steady Increase in Encryption Usage for 11 Years

"In the 11 years the core survey has been conducted, there has been a steady increase in the use of encryption technology, with the highest increase ever in this year's results," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

"Along with that increase we've seen the rise of new challenges in the areas of encryption key management, data discovery and cloud-based data storage. The findings of this study demonstrate the importance of both encryption and key management across a wide range of industries and core enterprise applications—from networking, databases and application-level encryption to PKI, payments and public and private cloud computing."

You can download a free copy of the report here.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...