In the Database Encryption market, most of the companies are increasingly adopting new technologies, strategies on expansion, and collaborations to maintain dominance in the market. With rise in the use of technologies, the risk associated with them has also increased. With that, many CIOs and IT executives recognize encryption of data records at rest as a significant step in the security landscape.
IT leaders are responsible for keeping their company’s information safe and secure. This should go without saying that protecting such sensitive information should be a top priority for CIOs and security representatives. But then, are they successfully planning and implementing a preventative encryption strategy?
nCipher Security surveyed around 340 IT security professionals and found that the companies in the Middle East (ME) are increasingly adopting encryption for the safety of their data against cyber-attacks.
The Middle East Encryption Trends Study 2019 by Ponemon Institute reveals trends on use of encryption technologies by businesses in the Middle East. Here are the key findings:
Influence of security is declining
The Middle East is among the most digitized regions in the world, having a sharp migration rate of sensitive data to the cloud environment. Yet, just 17% organizations have influence of security in directing encryption strategies. It has in fact declined significantly in last three years.
With 38%, IT operations continue to have the most influence in outlining the direction of encryption strategies, according to the report.
Encryption is growing in emerging use cases
The evolution of cloud and driving technologies like IoT (Internet of Things) and Docker containers bring new security risks. This year, 31% of respondents said they use encryption for IoT devices, up from 23% last year, and 37% use encryption for Docker containers, up from 29% in previous year which is the highest for any region.
There is no doubt about the potential these technologies hold, but then the most problematic concern is their security. Consequently, many CIOs in organizations now are adopting methods to focus on data protection solutions.
In the Middle East report, 36% of respondents said their organizations now has enterprise-wide encryption strategy, a number that has been consistently growing since 2015 but with a slower pace.
Finding where sensitive data resides in organization is the biggest challenge
While encryption strategy use has been growing fast, its implementation depends on the context of information that is being processed as well as choosing the relevant business information. And while encryption may sound easy, but with that it has its own set of challenges that should be taken care of while planning an encryption solution to protect data.
nCipher Security, in its study discovered the main challenges of encryption in the Middle East region. It found that discovering where the sensitive data resides is the main challenge which CIOs are facing and this continues to be the highest from past four years.
Data discovery has declined to 58% yet continues to be the biggest challenge in planning and executing a data encryption strategy. The second biggest challenge is initially deploying encryption technology with 40% of respondents citing this as one of the main challenges. Here is the list of six biggest challenges from highest to lowest:
- Discovering sensitive data
- Initially deploying the encryption technology
- Classifying which data to encrypt
- Lack of training on how to use the encryption properly
- Ongoing management of encryption and keys
- Determining which encryption technologies are most effective
Data types routinely encrypted
At 61% and 56% respectively, financial records and intellectual property are the two most routinely encrypted data types in this region. Interestingly, employee/HR has shown the sharpest decline over the past two years, rising from 65% to 70% two years ago to only 43% now.
Health information is found to be the least common data type to be encrypted with just 14% respondents likely to encrypt that.
Hardware Security Modules for app protection reach a new height
The use of hardware security modules (HSMs) is growing rapidly. Fifty-two percent of respondents have said the HSMs are important in encryption or key management strategy and 70 percent of respondents are indicating a rising requirement for deploying HSMs in the next 12 months with higher levels of trust for both data-at-rest and applications.
When asked how HSMs are used in the organizations, 58% said they have a centralized team that offers cryptography as a service, while 42% said that each individual application owner/team is responsible for their own cryptographic services, including HSMs.
This move to a centralized model in companies in the Middle East is almost close to the global average of 60 percent of respondents.
Besides this, most of the organizations (84%) in the Middle East use cloud computing services or are planning to move to cloud platform in the next 12-24 months. It was revealed that 76% rate want encryption solutions to support both cloud and on-premises deployment, specifying the region’s growing focus on cloud security.
One of the crucial problems in encryption is key management. 64 percent respondents have rated key management as very painful. The main reasons for key management pain are lack of adequate management tools, lack of clarity in ownership, and isolated or fragmented management systems.
When we take a closer look at the region, organizations are under pressure in order to protect their business’ sensitive information and applications, but the huge number of data, challenge in discovering sensitive data and policy enforcement, combined with a shortage of cyber security experts makes this the biggest challenging environment.