Business increases use of encryption in the cloud

A recent study has shown fast growth over the past 12 months in using encryption, this is due to security-related drivers.

The Thales 2018 Global encryption trends study shows that the last year has seen the largest growth in the use of encryption within the cloud.

The increased use of encryption by organisations is the result of many different factors, the main one being the fact that most now use four or more public cloud providers and the need to protect against specific threats.

For the first time security in a multi-cloud environment has ranked above compliance as an incentive for further encryption. The study showed, protecting intellectual property and customer information was high in the rankings.

Thales commissioned the Ponemon Institute to conduct the poll of 5,000 in 12 different countries. The report looks at the new issues facing organisations that use multiple cloud providers in the light of new data protection regulations.

Over 43% of the people who responded to the poll revealed that their organisation had an encryption strategy to shield sensitive documents from hackers, fully comply with data regulations and as method to filter out mistakes from employees.

Encryption utilises mainly software to protect data however, both hardware security modules (HSMs) as well as security conscious management strategies are also used. Encryption is also becoming ever more important in the stages of deployment to the cloud.

39% of business encrypt data within public cloud services. Amazon Web Services have seen an 11% increase in encryption when compared to 2017. Whilst, the use of HSM grew to 41%, with the most frequent use cases for HSMs being SSL/TLS and application-level encryption, while 20% of respondents reported that they use HSMs with Blockchain applications.

The findings show that 49% of enterprises are either, partially or extensively deploying encryption of data on “internet of things” devices and platforms. 84% of respondents either use or plan to use the cloud for sensitive/non-sensitive applications and data in the next 12-24 months, and that 61% of respondents are using more than one public cloud provider and 71% plan to do so in the next two years.

The findings of the survey in the report are overwhelmingly positive however, there are still issues. These include the fact that data discovery rates and are named as the top data encryption planning/execution challenge by 67% of respondents, up 8% on the previous year.

Feedback from the UK, Germany, the US and France have the most issues, the EU’s General Data Protection Regulation (GDPR) is most likely the reason for this, the report said.

“Securing data in a multi-cloud environment can be especially problematic for organisations seeking compliance, particularly if they are attempting to instantiate a single organisational policy using different native tools from multiple cloud providers. Not surprisingly, policy enforcement is second only to performance as a most valued feature of encryption solutions in this year’s study,” the report said.

Data-at-rest encryption

The Chairman and founder of The Ponemon Institute, Larry Ponemon, said that while enterprises are rightfully encrypting cloud-based data, 42% of organisations indicate they will only use keys for cloud-based data-at-rest encryption they control themselves.

“Similarly, organisations that use HSMs in conjunction with public cloud-based applications prefer to own and operate those HSMs on-premise. These findings tell us control over the cloud is highly important to companies increasingly under pressure from data security threats and compliance requirements,” he said.

The senior director of security strategy at Thales eSecurity, John Grimm, said companies are understandably seeking out fast, scalable encryption tools that encompass enterprise and cloud use cases, and enforce policy consistently across both models.

“Fortunately, enterprises have more data protection choices today than when the race to the cloud began. These options include bring your own key and bring your own encryption solutions, which allow enterprises to apply the same encryption and key management solution across multiple platforms,” he said.