Skip to main content
banner image
venafi logo

Budget for Encryption Increasing Over Time, Reveals Survey

Budget for Encryption Increasing Over Time, Reveals Survey

encryption spending
April 17, 2018 | David Bisson

Everyone makes mistakes; we're all human. But slip-ups can spell big trouble in the IT security arena. Indeed, human error was at least partly to blame for the exposure of CareFirst BlueCross BlueShield members' medical information and Pennsylvania teachers' data. More significantly, the blunder of a single employee played a role in the 2017 Equifax breach, an incident which is thought to have compromised at least 146 million Americans' sensitive details.

Security professionals are well-aware of these and other dangers involving human error. In Thales' 2018 Global Encryption Trends Study, almost half of respondents (47 percent) rated employee mistakes as the most significant threat to sensitive data. This viewpoint outweighed other risks including system or process malfunctions (31 percent), hackers (30 percent) and temporary or contract workers (22 percent).

For its report, Thales commissioned Ponemon Institute to survey 5,252 individuals across industry sectors in Australia, Brazil, France and nine other countries. The purpose of the publication, which Venafi helped co-sponsor, was to determine how encryption has evolved over the past 13 years and how it has affected organizations' security posture.

Considering the widespread concern over employee mistakes, it's not surprising that IT professionals are increasingly turning to encryption to protect their organizations' sensitive data. This trend is reflected in the increasing proportion of IT spending dedicated to encryption and other security measures.

In 2017, security budget allocations reached a record high of 10.6 percent of total IT spending. Encryption expenditures dipped slightly from 14.4 percent of IT security spending to 12.3 percent, but that lower amount could reflect organizations' deeper familiarity and therefore more efficient use of encryption technologies over years past.

Of course, the number of encryption solutions available on the market has dramatically increased in recent times. John Grimm, senior director of security strategy at Thales eSecurity, is well aware of this development. As quoted by a release issued by Thales:

“Companies navigating today’s threat landscape are understandably seeking out fast, scalable encryption tools that encompass enterprise and cloud use cases, and enforce policy consistently across both models. Fortunately, enterprises have more data protection choices today than when the race to the cloud began. These options include bring your own key (BYOK) and bring your own encryption (BYOE) solutions, which allow enterprises to apply the same encryption and key management solution across multiple platforms.”

The variety described by Grimm makes organizations' choice of encryption technologies a significant decision. Their investments reveal what types of features organizations look for when choosing a technology and what types of information they slate for encryption. That being said, here are some key findings from Thales and Venafi's report:

  • No single encryption technology dominated organizations' security strategies, as enterprises have diverse needs for encryption assets. Even so, 49 percent of respondents said they had already partially deployed IoT encryption on devices and platforms.
     
  • Respondents deemed some encryption features more important than others. Among all the others, survey participants said system performance and latency, enforcement of policy and support for cloud and on-premise deployment were essential services.
     
  • Security personnel reported that HR and payment data were most likely to be encrypted and that health-related data was the least likely type of information to be encrypted.

Thales' report also provides insight into how organizations are applying encryption to parts of their IT ecosystem where such security measures are still taking shape. This is especially true for cloud environments. Overall, 61 percent of respondents said they currently transfer sensitive or confidential data to the cloud whether or not it is encrypted. Just over one-fifth (21 percent) of survey participants admitted they intend to follow that same path within the next year or so.

When it comes to looking for cloud encryption technology, more than six in 10 individuals look for support of the Key Management Interoperability Protocol (KMIP), granular access controls and SIEM integration and visualization along with analysis of logs at 66 percent, 60 percent and 62 percent, respectively. Once they choose this technology, 47 percent of respondents perform encryption on-premise prior to sending data to the cloud using keys generated and maintained by the company. That proportion is greater than those participants who use encryption keys generated by the cloud provider (38 percent) and who use a "Bring Your Own Key" (21 percent).

Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, says the survey found that organizations generally like to maintain that level of control when it comes to encrypting data hosted in the cloud. As quoted by the Thales release:

“While enterprises are rightfully encrypting cloud-based data, 42% of organizations indicate they will only use keys for cloud-based data-at-rest encryption that they control themselves. Similarly, organizations that use HSMs in conjunction with public cloud-based applications prefer to own and operate those HSMs on-premises. These findings tell us control over the cloud is highly important to companies increasingly under pressure from data security threats and compliance requirements.”

Of course, if organizations are going to generate and manage their own encryption keys, they need to make sure they do so securely. They should ideally invest in an automated solution that continuously monitors their keys and certificates. For information on how Venafi can help in this regard, click here.

Related blogs

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

https phishing, tls certificate, phishing scam

FBI Warns Users about Phishing Campaigns that Leverage HTTPS Websites

About the author

David Bisson
David Bisson

David Bisson writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat