Company-wide Encryption Strategies are on the rise to Meet Multi-cloud Security Challenges, Reveals Entrust 2022 Global Encryption Trends Study

Entrust-sponsored research conducted by the Ponemon Institute, highlights gaps impacting organizations’ ability to meet rising cybersecurity threats

Dubai, United Arab Emirates – June 9, 2022 — Organizations reporting having a consistent, enterprise-wide encryption strategy in the Middle East leapt from 29 percent to 63 percent, as they seek greater control of the data they have distributed across multiple cloud environments. This and other findings are highlighted in the Entrust 2022 Global Encryption Trends Study, the seventeenth annual multinational survey of security and IT professionals conducted by the Ponemon Institute. 

The study looks at how more than 6,000 companies across multiple sectors and 17 countries, including UAE and KSA, are prioritizing their digital security investments to regain control of the data amid dynamic cloud environments and increasing cybersecurity threat. 

Companies are taking data protection more seriously, but there’s still a way to go

While the Ponemon research has shown a steady increase in enterprise-wide encryption adoption over the years, this year’s study revealed a dramatic jump in the Middle East, from 29% to 63%, in those respondents saying that their organizations have an encryption policy that is consistently applied. Similarly, 70% of Middle East respondents rated the level of their senior leaders’ support for enterprise-wide encryption strategy as significant or very significant.

This year’s report also revealed a significant decrease since 2021 in the top challenge in planning and executing a data encryption strategy, namely the challenge of ‘locating data’ was reported down 39% from 67%. 

“With an unprecedented amount of cybersecurity threats challenging organizations today, coupled with new and dynamic cloud environments, it has never been more important to have a company-wide encryption strategy in place. According to our latest Encryption Trends Report, there has been a large jump in the Middle East region, with respondents reporting they have witnessed consistently applied encryption policies across their organizations, as well as increased support from senior leadership. This is telling of a new awakening to the need for more consistent and proactive data security,” said Hamid Qureshi, Regional Sales Director, Middle East, Africa and South Asia at Entrust. 

While the results indicate that companies have gone from assessing the problem to acting on it, they also reveal encryption implementation gaps across many sensitive data categories. For example, while 50% of respondents in the Middle East say that encryption is extensively deployed across containers, just 31% say the same for big data repositories and 32% across IoT platforms. Similarly, while 71% of Middle East respondents rate hardware security modules (HSMs) as an important part of an encryption and key management strategy, 37% said they were still lacking HSMs. These results highlight the accelerating digital transformation underpinned by the movement to the cloud, as well as the increased focus on data protection.

Organizations seek greater control of their cloud data

This year’s study also reveals how the flow of sensitive data into multiple cloud environments is forcing enterprises to increase their security in this space. Notably, this includes containerized applications, where the use of HSMs reached an all-time high of 35%. 

More than half of Middle East respondents (54%) admit their organizations transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenization or data masking. However, another 23% said they expect to do so in the next one to two years. 

“The rising adoption of multi-cloud environments, containers and serverless deployments, as well as IoT platforms, is creating a new kind of IT security headache for many organizations,” added Qureshi. “This is compounded by the growth in ransomware and other cybersecurity attacks. This year’s Global Encryption Trends study shows that organizations are responding by looking to maintain control over encrypted data rather than leaving it to platform providers to secure.”

When it comes to protecting some or all of their data at rest in the cloud, 41% (up from 28% in 2021) of those surveyed in the Middle East said encryption is performed in the cloud using keys generated and managed by the cloud provider. Another 32% of respondents reported encryption being performed on-premises prior to sending data to the cloud using keys their organization generates and manages, while 25% are using some form of Bring Your Own Key (BYOK) approach. Both of these models remained at the same level as last year’s results.

Together, these findings indicate the benefits of cloud computing outweigh the risks associated with transferring sensitive or confidential data to the cloud, but also that encryption and data protection in the cloud is being handled more directly.

Employees continue to represent a significant threat to sensitive data

When it comes to the sources to threats, respondents identified employee mistakes as the top threat that might result in the exposure of sensitive data – although this is down slightly from last year (54% in 2022 vs 56% in 2021), while the threat from temporary or contract workers reached its highest level ever (42% in 2022 vs 32% in 2021). The other highest ranked threats identified were system or process malfunction (19%) and hackers (33%).

These results make it clear that threats are coming from all directions so it’s distressing, but not surprising that 64% of Middle East respondents admitted having suffered at least one data breach in 2020, and just about half (49%) having suffered one in the last 12 months. 

“Over 17 years of doing this study, we’ve seen some fundamental shifts occur across the industry. The findings in the Entrust 2022 Global Encryption Trends study point to organizations being more proactive about cybersecurity rather than just reactive,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute. “While the sentiment is a very positive one, the findings also point to increasingly complex and dynamic IT landscape with rising risks that require a hands-on approach to data security and a pressing need to turn cybersecurity strategies into actions sooner rather than later.”

“As more enterprises migrate applications across multi-cloud deployments there is a need to monitor that activity to ensure enforcement of security policies and compliance with regulatory requirements. Similarly, encryption is essential for protecting company and customer data and it is encouraging to see such a significant jump in enterprise-wide adoption,” said Cindy Provin, Senior Vice President for Identity and Data Protection at Entrust. “However, managing encryption and protecting the associated keys are rising pain points as organizations engage multiple cloud services for critical functions. As the workforce becomes more transitory, organizations need a comprehensive approach to security built around identity, zero trust, and strong encryption rather than old models that rely on perimeter security and passwords.”