The number of organisations consistently applying a data encryption strategy has risen sharply in the space of a year, whilst many are finding it easier to locate the data they need for the job.
Organisations reporting having a consistent, enterprise-wide encryption strategy in the Middle East leapt from 29 per cent to 63 per cent between last year and this year, as many seek to have greater control over dispersed cloud-based data.
These were the primary findings of a recent survey of security and IT professionals, which was conducted by the Ponemon Institute.
The study involved 6,000 companies across various sectors and countries, including the UAE and KSA, and the response indicated that many are prioritising their digital security investments to regain control of the data amid dynamic cloud environments and increasing cybersecurity threats.
Jumping the gap
Although they’ve experienced a steady level of adoption over the past few years amid the growing prevalence of cloud-based systems, encryption strategies have now become fintech’s must-have item, especially so in the Middle East, where the rate of constant application within an enterprise jumped dramatically from 29 per cent to 63 per cent.
Similarly, 70 per cent of Middle East respondents rated the level of their senior leaders’ support for enterprise-wide encryption strategy as ‘significant’ or ‘very significant’.
The data also shows a significant decrease of 39 per cent in the number of people struggling to locate the right data; being identified as one of the top challenges of planning and executing an effective data encryption strategy.
“With an unprecedented amount of cybersecurity threats challenging organisations today, coupled with new and dynamic cloud environments, it has never been more important to have a company-wide encryption strategy in place,” comments Hamid Qureshi, regional sales director, Middle East, Africa and South Asia at Entrust.
“This [report] is telling of a new awakening to the need for more consistent and proactive data security.”
While the results indicate that companies have gone from assessing the problem to acting on it, they also reveal encryption implementation gaps across many sensitive data categories.
For example, while half of the respondents in the Middle East say that encryption is extensively deployed across containers, just 31 per cent say the same for big data repositories and 32 per cent across IoT platforms.
Similarly, while 71 per cent rate hardware security modules (HSMs) as an important part of an encryption and key management strategy, 37 per cent are still lacking HSMs.
These results highlight the accelerating digital transformation underpinned by the movement to the cloud, as well as the increased focus on data protection.
Organisations seek greater control of their cloud data
The sensitive nature of the data sitting within multiple cloud environments is forcing enterprises to up their security strategy. Notably, this includes containerised applications, where the use of HSMs reached an all-time high of 35 per cent.
More than half of the report’s Middle East respondents admitted that their organisations transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenisation or data masking.
Concerningly, an additional 23 per cent said they expect to do so in the next one to two years.
“The rising adoption of multi-cloud environments, containers and serverless deployments, as well as IoT platforms, is creating a new kind of IT security headache for many organisations,” added Qureshi.
“This is compounded by the growth in ransomware and other cybersecurity attacks. This year’s study shows that organisations are responding by looking to maintain control over encrypted data rather than leaving it to platform providers to secure.”
When it comes to protecting some or all of their data at rest in the cloud, 41 per cent of respondents in the Middle East said encryption is performed in the cloud using keys generated and managed by the cloud provider; an improvement from the 28 per cent recorded in 2021.
Another 32 per cent reported encryption being performed on-premises prior to sending data to the cloud using keys their organisation generates and manages, while a quarter are using some form of Bring Your Own Key (BYOK) approach. Both of these models remained at the same level as last year’s results.
Together, these findings indicate the benefits of cloud computing outweigh the risks associated with transferring sensitive or confidential data to the cloud, but also that encryption and data protection in the cloud is being handled more directly.
The employee threat to sensitive data
When it comes to threat sources, respondents identified employee mistakes as the top threat that might result in the exposure of sensitive data – although this is down a mere two per cent from last year.
The threat from temporary or contract workers rose 10 per cent to the highest level ever recorded; reaching 42 per cent. The other highest-ranked threats identified were system or process malfunction (19%) and hackers (33 per cent).
These results make it clear that threats are coming from all directions so it’s distressing, but not surprising that 64 per cent of Middle East respondents admitted having suffered at least one data breach in 2020, and just about half (49 per cent) having suffered one in the last 12 months.
“Over 17 years of doing this study, we’ve seen some fundamental shifts occur across the industry. The findings in the Entrust 2022 Global Encryption Trends study point to organisations being more proactive about cybersecurity rather than just reactive,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
“While the sentiment is a very positive one, the findings also point to an increasingly complex and dynamic IT landscape with rising risks that require a hands-on approach to data security and a pressing need to turn cybersecurity strategies into actions sooner rather than later.”
“As more enterprises migrate applications across multi-cloud deployments there is a need to monitor that activity to ensure enforcement of security policies and compliance with regulatory requirements. Similarly, encryption is essential for protecting company and customer data. It’s encouraging to see such a significant jump in enterprise-wide adoption,” said Cindy Provin, SVP for identity and data protection at Entrust.
“However, managing encryption and protecting the associated keys are rising pain points as organisations engage multiple cloud services for critical functions. As the workforce becomes more transitory, organisations need a comprehensive approach to security built around identity, zero trust, and strong encryption rather than old models that rely on perimeter security and passwords.”