Back to News

Multi-cloud deployment and compliance requirements shape encryption strategy, finds latest Thales Global Encryption Study

By: webarq, MAY 04, 2018

Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2018 Global Encryption Trends Study. The report, based on independent research by the Ponemon Institute and sponsored by Thales, is an overview of changes and challenges faced by organizations in a world where cloud deployments using multiple providers are widespread and the landmark EU General Data Protection Regulation (GDPR) is about to come into effect.

In year’s edition, 43% of respondents reported that consistent encryption strategies are deployed throughout their organization. This strategy, leveraged to protect sensitive data against cybercriminals, help organizations to satisfy a complex web of compliance regulations and protect against unwanted human error. Encryption, either through software or hardware using hardware security modules (HSMs), is often coupled with the best practices in key management. As more and more companies adopted cloud computing, encryption plays an increasing central role.

Key findings:

  • 84% of respondents either use cloud storage for sensitive/non-sensitive applications and data today, or will do so in the next 12-24 months.
  • 61% of respondents use more than one public cloud computing provider. 71% plans to do so in the next two years.
  • 11% rise in use of encryption in public cloud computing services, such as Amazon Web Services, Microsoft Azure and Google Cloud, among respondents (39%).
  • Overall HSM use grew to 41% -- the highest level ever. The most common use cases for HSMs are SSL/TLS and application level encryption, with 20% of respondents reporting that they use HSMs with blockchain applications
  • 49% of enterprises are either partially or extensively deploying encryption of IoT data on IoT devices and platforms

This year’s findings are reassuring signs, but there are always challenges. The top priority for 67% of respondents is data encryption planning/execution, a rise by 8%. The GDPR, coming into effect this May, poses an added layer of complexity for respondents from the UK, Germany, US, and France.

The report raises concern on consistent encryption and key management policies given the prevalent use of multiple cloud services. If an organization seeks compliance, problems are likely to arise out of its desire to implement a monolithic policy for a loose confederate of cloud environments using native tools of each cloud provider. Regardless of policy enforcement, this year’s report found that performance reigns king in using encryption solutions.

Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, says:

“While enterprises are rightfully encrypting cloud-based data, 42% of organizations indicate they will only use keys for cloud-based data-at-rest encryption that they control themselves. Similarly, organizations that use HSMs in conjunction with public cloud-based applications prefer to own and operate those HSMs on-premises. These findings tell us control over the cloud is highly important to companies increasingly under pressure from data security threats and compliance requirements.”

John Grimm, senior director of security strategy at Thales eSecurity, says:

“Companies navigating today’s threat landscape are understandably seeking out fast, scalable encryption tools that encompass enterprise and cloud computing use cases, and enforce policy consistently across both models. Fortunately, enterprises have more data protection choices today than when the race to the cloud began. These options include bring your own key (BYOK) and bring your own encryption (BYOE) solutions, which allow enterprises to apply the same encryption and key management solution across multiple platforms.”

The Global Encryption Trends Study is now in its thirteenth year. The Ponemon Institute surveyed more than 5,000 people across multiple industry sectors in the United States, United Kingdom, Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, Saudi Arabia, the United Arab Emirates, and Korea.

The new 2018 Global Encryption Trends Study can be downloaded here