Data encryption is like the elephant in the room – especially with data breaches. It’s easier to say “If we only had EMV on our terminal, our customers’ data would’ve been protected.” Or to say “If only our employee didn’t let that fraudulent technician into our POS, our customers’ data would’ve been protected.”
What you don’t hear is the truth, even though all companies – whether breached or not breached – know it. The elephant in the room, if you will.
“If we had only encrypted our data/file/payments, then the bad guys would have gotten nothing.”
As cyberattacks continue across all sectors and in all forms, hackers have proven that the elephant is now too big to ignore and companies are finally starting to adopt encryption to protect their data.
A new Ponemon Institute report entitled Encryption Application Trends Study, sponsored by security company Thales, surveyed over 5,000 individuals within 14 industry sectors and 11 countries to discover just how much encryption is being used in today’s workplace.
The key takeaway? Encryption is becoming an integral security strategy for all 5,000 respondents. In the largest reported increase in use the 11-year annual report has seen, adoption of encryption within organizations rose from 7% to 41% in the last year.
Data breaches and cyberattacks spotlight data insecurity
Much of the increase in data encryption comes from companies within healthcare and financial services. These industries store large amounts of highly sensitive personal and financial data and thus they have seen more than their share of data breaches. Encryption is the logical step to protect this data.
Other industry sectors, including pharmaceutical, technology and software, have also been high adopters of encryption. Thales Sr. Director of Security Strategy explains the increase.
“The increased usage of encryption can be traced to many factors, chief among them being cyber-attacks, privacy compliance regulations and consumer concerns. The continuing rise of cloud computing as well as prominent news stories related to encryption and access to associated keys have caused organizations to evolve their strategy with respect to encryption key control and data residency. Our global research shows that significantly more companies are embracing an enterprise-wide encryption strategy, and demanding higher levels of performance, cloud-friendliness and key management capabilities from their encryption applications.”
Data thieves want information they can resell – whether that is personal information, such as Social Security numbers and driver’s license numbers, which can be used to forge an identity, or payment information, which can be used to fraudulently purchase goods.
Thus “encryption” can encompass many types of technologies designed to protect many types of data. We are hearing everyone, from retail organizations to the FBI to security experts, talk about the need for better encryption in all industry sectors – so the increase in encryption use by companies comes at a pivotal time in the world of data security.
Increased performance and more seamless technology leading to encryption adoption
“This report primarily shows clear trends toward more and better encryption, easier and more efficient key management, and more organizations moving more aggressively to the cloud,” Peter Galvin, vice president of strategy at Thales, told eWEEK.
The report broke down key points on encryption, with the goal of “providing companies with a benchmark they can use against companies in similar industry sectors and/or geographies.” Points included:
- How and where organizations of different types are using encryption
- Encryption solution features that are most important
- The pain in managing various types of encryption keys
- The deployment of HSMs
- Approaches to controlling encryption keys
The report not only found that encryption use jumped from 7% to 41% among respondents, but it also detailed that:
- Performance and latency are now considered the most critical features of encryption applications, reflecting increased encryption adoption and the need to assure IT managers it does not interfere with business operations.
- Support for both cloud and on-premise deployment rose to the second most important feature of encryption applications, reflecting the increased move to the cloud and requirements for cryptographic services that span seamlessly from the enterprise to the cloud.
- Databases, internet communications (SSL/TLS) and laptop hard drives consistently top the list of areas where encryption is most frequently used.
- Companies that are more mature with respect to their encryption strategy are more likely to deploy hardware security modules (HSMs) across a wide array of encryption applications. HSMs are most frequently used in conjunction with SSL/TLS, database encryption and application-level encryption.
Encryption as an integral security strategy across organizations
In 2015 alone there were 781 recorded data breaches involving more than 169 million consumer records. Large and small corporations alike fell victim to fraudsters who infiltrated merchant systems and stole clear-text cardholder data.
The big data breaches that make the news often involve large retailers or restaurants – most recently Cici’s Pizza and Wendy’s.
Bluefin tackles the topic of payment encryption with our PCI-validated P2PE solution – it encrypts cardholder data at the point of interaction, preventing clear-text cardholder data from being present in a POS system or network where it could be accessible in the event of a data breach. And it’s designed for all ways of making a payment – retail terminal, mobile terminal, through a call center, and through an unattended kiosk.
But if you think encryption only applies to payments, think again. Check out the great infographic from Brian Krebs last week on all of the different locations in an organization that have data valuable to hackers. That means companies need to look at encryption as a holistic solution that spans their entire organization.