New ESG Study Finds That Organizations Struggle in Their Ability to Assess and Remediate Data Encryption Risks and Policy Violations
Fortanix a leader in data security and pioneer of Confidential Computing revealed the results of a new study conducted by Enterprise Strategy Group (ESG) titled “Operationalizing Encryption and Key Management.” Among the findings: lack of encryption is the primary contributor to sensitive data loss, even though confidence in cryptographic capabilities is strong. At the same time, encryption is pervasive and on the rise for data at rest, in motion, and in use.
CIO INFLUENCE News: ISG to Publish Report on Salesforce Partner Ecosystem
“More than 80% of organizations say they have begun or have implemented zero trust technology, but the survey also revealed that they don’t always know where to turn when looking to implement the highest level of data security”
The study surveyed nearly 400 IT, compliance, DevOps, and cybersecurity professionals involved with encryption and data security technologies and processes across the U.S. and Canada. All respondents were from either large/mid-market organizations within industries including manufacturing, financial, technology and healthcare.
The survey found that 90% of respondents agreed that encryption has a positive impact on the various facets of their network security, data security, and overall security, with more than 50% saying it has a significantly positive impact in each of these areas. The report also uncovered that businesses want to encrypt their data, but they often don’t know how. A lack of adequate cybersecurity staff and expertise leads to confusion around where and when to apply encryption, management complexities, and difficulty assessing cyber-security. Similarly, a lack of encryption remained the top reason for data loss for almost 33% of the respondents, and 25% experienced data loss due to policy violations such as small key size.
Ultimately, determining when and where to apply encryption emerged as the most difficult task for tech professionals, indicating the need for solutions that provide consolidated discovery and assessment of cryptographic keys across hybrid, multicloud environments to protect critical assets and enable security, cloud operations, and developer teams to jointly assess risk posture and remediate compliance gaps.
CIO INFLUENCE News: Crayon Is One of Selected Partners to Offer Microsoft 365 Copilot
Other learnings into IT professionals’ challenges and priorities on encryption include:
- More than two-thirds (76%) of respondents are aware of post-quantum cryptography (PQC), including 37% already actively testing it and 14% that are currently using it. Costs, budgets, and staffing are the biggest limitations in PQC adaptation.
- Roughly 81% of respondents said their organizations have dedicated teams to handle encryption, key management, and certificate management, with 63% of those reporting directly into the C-Level.
- Key management systems, data loss prevention, and hardware security modules are the top three security technologies used by respondents to secure their organization’s data. Fewer than a quarter (24%) currently have a single unified key management system in place, although that is expected to grow to 50% soon. Meanwhile, distributed or federated key management system usage will shrink from 74% to just 47%.
“More than 80% of organizations say they have begun or have implemented zero trust technology, but the survey also revealed that they don’t always know where to turn when looking to implement the highest level of data security,” said Anand Kashyap, co-founder and CEO at Fortanix. “The truth is, most enterprises lack complete control over encryption keys, creating significant risk. It’s paramount these organizations adopt a paradigm shift towards a data-centric security strategy with full visibility and control over their encryption assets.”
“It is no secret that data security is a challenge for many organizations, and this report uncovers some of the reasons why,” said Jack Poller, Enterprise Strategy Group Senior Analyst. “While it’s a positive sign that most have confidence in encryption technologies, many don’t know how to implement it in a way that addresses their specific needs. It’s apparent that these organizations need to invest in education, staffing, and solutions to get them where they need to be.”
CIO INFLUENCE News: Cyware Renews System and Organization Control (SOC) 2 Certification
[To share your insights with us, please write to sghosh@martechseries.com]
