Opinion
Enterprise Strategy Group research highlighted the encryption challenges enterprises face, including lack of encryption, cryptographic infrastructure inadequacies and more.
By
- Todd Thiemann,Enterprise Strategy Group
Published: 18 Apr 2024
As enterprise data volume growth accelerates and organizations deploy new applications to support business initiatives, the need to secure sensitive data becomes more critical. Encryption remains a critical component of data security, but not every organization is prepared to handle the ins and outs of encryption.
New research on encryption and key management from TechTarget's Enterprise Strategy Group revealed how enterprises secure their on-premises and cloud data stores. Here are some key takeaways to help organizations optimize their encryption strategy for better security.
Encryption is a strategic security activity with increasing budgets
The research showed that nearly three-quarters of organizations have adopted a formal cryptographic program. Furthermore, more than eight in 10 organizations have a team or at least an individual dedicated to encryption, key management and certificate management. The majority of respondents said these individuals or teams directly report to the C-suite.
In addition to encryption being a strategic initiative, spending is expected to increase. Nearly nine in 10 organizations said they expect to increase their spending on encryption technologies relative to other areas of cybersecurity in the next 12 months, with almost a third classifying this increase as significant.
Recognizing that encryption, especially migrating to post-quantum cryptography, needs to be uniformly implemented organization-wide for the optimal security outcomes, many organizations said they are shifting their key management strategies.
Lack of encryption is a primary contributor to data loss
One in five respondents said their organization lost sensitive data in the last 12 months, though of greater concern are the 26% who suspected their organizations had lost sensitive data but don't know for sure because they don't have the tooling or expertise to find out.
The most common culprits behind these sensitive data-loss events include not encrypting sensitive data in a timely manner and malicious actors exfiltrating unencrypted data, which speaks to poor access controls. Other policy shortfalls included incorrect or insufficient security policies, unsanctioned applications and shadow data, and undersized encryption keys.
Cryptographic teams struggle with operational issues
Organizations migrating cryptographic infrastructure to the cloud struggle with internal operating issues. Most notably, more than a quarter of organizations cited a lack of sufficient cybersecurity staff. Other common challenges included expense and budget issues, the complexity and effort required, and relegating encryption due to other priorities.
To operate properly, cryptographic infrastructure must interoperate with myriad devices, systems and applications throughout the ever-more complex IT environment.
Data discovery and categorization are needed
While the survey results showed organizations have confidence in the location of their data, respondents indicated they attributed past loss of sensitive data to undiscovered shadow data. Specifically, 94% of respondents said they were mostly or completely confident in their organization's ability to discover and identify sensitive data. However, 18% of organizations attributed a sensitive data-loss event within the past year to undiscovered shadow data, and 27% said they lost data due to shadow apps and services.
These dynamics tie back to Enterprise Strategy Group's 2024 Technology Spending Intentions Survey, which showed data security posture management on the top 10 list for privacy and protection technologies for 2024. Sensitive data stores are growing with the increase of cloud-resident workloads, and encryption teams struggle to identify sensitive data flows to secure them.
Upping your encryption game in 2024
The future for encryption and key management lies in efficiency and optimization. Data security in the form of encryption and key management is an essential pillar in any organization's data security strategy. It protects sensitive data, helps ensure regulatory compliance, and meets contractual and data governance obligations across both on-premises and cloud infrastructure.
Security teams are under pressure to improve efficiency and deliver more, frequently without commensurate resources. The survey results speak to rationalizing, updating and optimizing an organization's encryption strategy to make the most of its investments. In the balance between pools of encryption technology vs. consolidated platforms, enterprises expect to move toward the latter that provide unified key management.
Todd Thiemann is a senior analyst covering identity access management and data security for TechTarget's Enterprise Research Group. He has more than 20 years of experience in cybersecurity marketing and strategy.
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.
Related Resources
Dig Deeper on Data security and privacy
- cryptanalysisBy: TechTargetContributor
- cryptographyBy: KathleenRichards
- encryptionBy: RobertSheldon
- communications security (COMSEC)By: PaulKirvan
