AUSTRALIA ENCRYPTION TRENDS STUDY - 2021 Find out how organisations are protecting data across multiple clouds, and how your encryption strategy ...
You are here. Your data is there. Threats are everywhere.

2021 AUSTRALIA ENCRYPTION TRENDS STUDY

Find out how organisations are protecting data across multiple clouds, and how your encryption strategy compares.
PONEMON INSTITUTE PRESENTS THE FINDINGS OF THE 2021 AUSTRALIA ENCRYPTION TRENDS STUDY [1]

We surveyed 317 individuals in Australia to examine the use of encryption and the impact of this technology on the security posture of organisations in this region. Globally, 6,457 individuals across multiple industry sectors in 17 countries and regions were surveyed. The research includes: Australia, Brazil, France, Germany, Hong Kong, Japan, Mexico, Middle East (which is a combination of respondents located in Saudi Arabia and the United Arab Emirates), Netherlands, the Russian Federation, Southeast Asia, South Korea, Spain, Sweden, Taiwan, the United Kingdom and the United States. [2]

Fifty-four percent of respondents say their organisations have an overall encryption strategy that is applied consistently across the entire enterprise and 36 percent of organisations have a limited encryption plan or strategy.

Following are the findings from this year’s research.

[Figure: Moving ahead. Organisations in Australia have adopted enterprise-wide encryption strategies faster than global averages. Series: Australia and Global, 2017 to 2021.]

[1] This year’s data collection was started in December 2020 and completed in January 2021. Throughout the report we present trend data based on the fiscal year the survey commenced rather than the year the report is finalized. Hence, we present the current findings as fiscal year 2020.

[2] Country-level results are abbreviated as follows: Australia (AU), Brazil (BZ), France (FR), Germany (DE), Hong Kong (HK), Japan (JP), Korea (KO), Mexico (MX), Middle East (AB), Netherlands (NL), Russia (RF), Spain (SP), Southeast Asia (SA), Sweden (SW), Taiwan (TW), United Kingdom (UK), and United States (US).

PONEMON INSTITUTE © RESEARCH REPORT
STRATEGY AND ADOPTION OF ENCRYPTION

IT operations has the most influence in directing encryption strategies. While responsibility for the encryption strategy is dispersed throughout the organisation, IT operations (33 percent of respondents) has the most influence. Fifteen percent of respondents say no one single function is responsible for encryption strategy.

Which data types are most often encrypted? Sixty-two percent of respondents say their organisations are encrypting intellectual property, 60 percent of respondents say employee/HR data and payment-related data is encrypted. Less than a third (30 percent) of respondents say their organisations encrypt healthcare information.

[Figure: Do your priorities match your promises? Top 6 types of data that organisations encrypt in Australia. Categories: intellectual property, payment-related data, employee/HR data, financial records, customer information, healthcare information. Series: Australia and Global.]

THREATS, MAIN DRIVERS AND PRIORITIES

Negligent insiders pose the greatest threat to sensitive data. The most significant threats to the exposure of sensitive or confidential data are employee mistakes, according to 64 percent of respondents (the highest rate worldwide). This is followed by system or process malfunction (40 percent of respondents). Twenty percent of respondents rate lawful data requests as a threat, which is tied for the highest region.

Mistake or malice: The results are the same
Top 5 threats to sensitive data
Employee mistakes: 64% (highest rate worldwide)
System or process malfunction: 40%
Third party service providers: 21%
Lawful data request: 20% (highest rate worldwide)
Malicious insiders: 17%

Protecting information against specific identified threats is the main driver for the use of encryption. Sixty-three percent of respondents say they encrypt to protect information against specific, identified threats and 52 percent of respondents say compliance with external privacy or data security regulations and requirements is the reason to encrypt sensitive and confidential data.
Forty-three percent say they encrypt data to comply with internal policies, the highest rate worldwide.

Encryption strategy is increasingly data-driven
Top 5 drivers for using encryption
To protect information against specific, identified threats: 63% (highest rate worldwide; up 13% from last year)
To comply with external privacy or data security regulations and requirements: 52%
To comply with internal policies: 43% (highest rate worldwide)
To protect enterprise intellectual property: 42%
To reduce the scope of compliance audits: 40%

Discovering where sensitive data resides in the organisation continues to be the biggest challenge. Fifty-nine percent of respondents say their organisations consider discovering where sensitive data resides as the biggest challenge when planning and executing a data protection strategy. Half of respondents say initially deploying the encryption technology is one of their biggest challenges.

Certain encryption features are considered more critical than others. Respondents were asked to rate encryption technology features considered most important to their organisation’s security posture. Eighty-three percent of respondents (the highest rate worldwide) say support for emerging algorithms (e.g. ECC) and 85 percent of respondents say separation of duties and role-based controls are critical features in encryption technology solutions.

[Figure: The Australian approach. As encryption use grows, Australia shows a stronger preference than other regions for encryption solutions with these specific features: separation of duties and role-based controls, support for emerging algorithms, system scalability. Series: Australia and Global.]

DEPLOYMENT CHOICES

No single encryption technology dominates because organisations have very diverse needs. Encryption of Internet communications (e.g. TLS/SSL) and laptop and hard drives are most likely to be extensively deployed (62 percent and 54 percent of respondents, respectively). Internet of Things (IoT) platforms/data repositories and IoT devices are at least partially deployed, each at 60 percent of respondents.

Fifty-four percent of respondents say their organisations plan to use blockchain. The two primary use cases will be cryptocurrency/wallets and asset transactions/management, each at 59 percent of respondents.

The business case for blockchain
Average timeframe for planned use of blockchain is 3 years from now vs. global average of 2.5 years
Asset transactions management: 59%
Cryptocurrency wallets: 59%
Smart contracts: 44%
Supply chain: 40%
Identity: 38%
Cryptocurrency/wallets and asset transactions/management are the applications organisations plan to use blockchain for.

Multi-party computation will reach mainstream enterprise adoption much sooner than quantum algorithms. Respondents were asked to estimate how long it will take for quantum algorithms, homomorphic encryption and multi-party computation to be adopted. While it is estimated that quantum algorithms will be adopted in an average of seven years, multi-party computation will be adopted in an average of nearly five and a half years.

ATTITUDES ABOUT KEY MANAGEMENT

How painful is key management? Fifty-nine percent of respondents rate key management as very painful, which suggests respondents view managing keys as a very challenging activity. The top reasons are: lack of skilled personnel (60 percent of respondents), inadequacy of key management tools (55 percent of respondents) and no clear ownership (49 percent of respondents).

Key management is a people problem
For the 4th straight year, a lack of skilled personnel is the top reason why key management is painful
Lack of skilled personnel: 60%
Key management tools are inadequate: 55%
No clear ownership: 49%

Which keys are most difficult to manage? The most difficult keys to manage are keys for external cloud or hosted services, including BYOK keys (82 percent of respondents, which is the highest rate worldwide), SSH keys and signing keys (each at 51 percent of respondents). Least painful to manage are keys to embed into devices (e.g. at the time of manufacture in device production environments or for IoT devices used), according to 20 percent of respondents.

Juggling is struggling
Australia rates the pain associated with managing several types of encryption keys higher than global averages, including:
Keys for external cloud or hosted services including Bring Your Own Key (BYOK): Australia 82% (highest rate worldwide), Global 58%
Key associated with SSL/TLS: Australia 50%, Global 41%
Payments-related keys: Australia 48%, Global 35%
Encryption keys for backups and storage: Australia 38%, Global 29%

IMPORTANCE OF HARDWARE SECURITY MODULES (HSMs)

HSMs are very important to organisations’ encryption or key management strategy. Eighty-eight percent of respondents are knowledgeable about HSMs.
We asked respondents who are in organisations that currently deploy HSMs (42 percent of respondents) how important they are to their encryption or key management strategy. Seventy-three percent of respondents say they are important today and 83 percent of respondents say they will be important in the next 12 months.

How organisations are using HSMs. Fifty-eight percent of respondents say they have a centralized team that provides cryptography as a service and 42 percent of respondents say each individual application owner/team is responsible for their own cryptographic services. Today, 67 percent of respondents use HSMs for TLS/SSL including firewalls, and application delivery controllers. In 12 months, 67 percent of respondents say their organisations will be using payment transaction processing or payment credential issuing/provisioning.

The path is clear
How organisations plan to increase HSM deployment in the next 12 months
Payment transaction processing or payment credential issuing: 67% (up 34% from last year)
With Secrets Management solutions: 38% (up 22% from last year)
Code signing: 35% (up 24% from last year)
Database encryption: 31% (up 10% from last year)
Key management root of trust: 23% (up 15% from last year)

CLOUD ENCRYPTION

Almost half of organisations transfer sensitive or confidential data to the cloud. Forty-nine percent of respondents say their organisations currently transfer sensitive or confidential data to the cloud (whether or not it is encrypted or made unreadable via some other mechanism) and 31 percent of respondents plan to in the next 12 to 24 months.

How do organisations protect data at rest in the cloud? Forty percent of respondents say encryption is performed on-premises prior to sending data to the cloud using keys the organisation generates and manages. Twenty-eight percent of respondents say encryption is performed in the cloud using keys generated/managed by the cloud provider. Twenty-four percent of respondents are using some form of Bring Your Own Key (BYOK) approach.

Who holds the keys?
When encrypting data-at-rest in the cloud, 64% of organisations prefer to control the encryption keys vs. 59% globally
Encryption performed on-premises prior to sending data to the cloud using keys their organisation generates and manages: Australia 40%, Global 38%
Encryption performed in the cloud using keys their organisation generates and manages on-premises: Australia 24%, Global 21%

What are the top three encryption features specifically for the cloud? The top three features are granular access controls (67 percent of respondents), support for the KMIP standard for key management (65 percent of respondents), and Bring Your Own Key management support (59 percent of respondents).
ABOUT PONEMON INSTITUTE

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organisations in a variety of industries.

ABOUT ENTRUST

Entrust keeps the world moving safely by enabling trusted identities, payments, and data protection. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, accessing e-government services, or logging into corporate networks. Entrust offers an unmatched breadth of digital security and credential issuance solutions at the very heart of all these interactions. With more than 2,500 colleagues, a network of global partners, and customers in over 150 countries, it’s no wonder the world’s most entrusted organisations trust us. For more information, visit entrust.com
Learn more at entrust.com

Entrust, nShield, and the Hexagon Logo are trademarks, registered trademarks, and/or service marks of Entrust Corporation in the U.S. and/or other countries. All other brand or product names are the property of their respective owners. © 2021 Entrust Corporation. All rights reserved. HS22Q1-2021-australia-encryption-trends-study-re