The use of encryption continues to grow, yet managing keys across fragmented encryption implementations remains a challenge.
The Ponemon Institute’s annual survey of business and IT managers found that 34 percent of more than 4,700 survey respondents use encryption extensively.
The top three reasons for deploying encryption were to comply with data protection mandates, to address specific security threats, and to reduce the scope of compliance audits.
Respondents ranked employee mistakes as the number one threat to sensitive data.
“Hackers have to work hard to get access and even then it can be very limited,” Richard Moulds, vice president of product strategy for Thales, which sponsored the study, told eWEEK. “Also, employees often don’t have a sense of what is truly risky. They often lack training on what data is sensitive and what is not, and therefore how to adjust their behavior accordingly. Even if they are trained, employees will often cut corners and bend security rules to get the job done. Finally, in some cases they may even be malicious and have a motive to steal information.”
The survey also indicated the use of encryption has had a dramatic effect on the perceived requirement to notify those impacted in the event of a data breach. Nearly half of respondents said they believe that the use of encryption removed the need to disclose a breach.
More than half of respondents view hardware security modules as an important part of key management strategy.
The survey also revealed that the primary reasons key management, identified as a major pain point by more than half of respondents, is so difficult are a lack of corporate ownership, fragmented systems and inadequate tools.
Meanwhile, the biggest challenge faced by organizations executing a data encryption policy was discovering where within their networks their sensitive data actually resides. Despite the attention focused on cloud and big data technologies, these are the least likely areas to use encryption. Backend storage, archives and databases are the most likely, according to survey results.
“As encryption becomes a commodity the challenge of managing keys could become overwhelming,” Moulds said. “Fifty percent of respondents stating that isolated and fragmented systems were their biggest source of pain in managing keys and certificates and lack of ownership of the key management problem across organizations is an even bigger issue.”