A new study by Entrust has demonstrated that Australian organisations are becoming more open to using encryption, and that employee mistakes are seen as the top threat to sensitive data.
This and other findings are highlighted in the Entrust 2021 Australia Encryption Trends study, the sixteenth annual multinational survey by the Ponemon Institute reporting on the cybersecurity challenges organisations face today, and how and why organisations deploy encryption.
Identified threats and priorities
Continuing a five-year growth trend, 54% of respondents in Australia now have a consistently applied encryption plan, ahead of the global average, which reached 50% for the first time in this year’s study. The study found that the top driver for encrypting data in Australia is to protect information against specific, identified threats (63% of respondents, vs. the global average of 50% and up from 50% in Australia last year). The next highest driver was to comply with external privacy or data security regulations and requirements: (52%, down from 57% last year).
Similarly, respondent organisations in Australia encrypt several data types at higher rates than the global averages with intellectual property (62% vs. 48% globally) topping the list. Next is employee/HR data (60% vs. 48% globally), payment related data (60% vs. 53% globally) and customer information (54% vs. 42% globally), all of which continue a four-year trend above global averages.
The complexity of managing encryption and keys in 2021
Clearly this approach is paying dividends, with just 34% of Australian respondents reporting that they have experienced a data breach, compared to the global average of 44%. However, organisations have increasingly diverse encryption technology needs in order to protect a wide range of data.
There are several different applications where you can use encryption – indeed, large organisations might use as many as 15 different applications. The predominant use cases are the mature and easy-to-use ones – backup and archive, database encryption, and laptop hard disk encryption. However, as use cases proliferate, the complexity of managing different encryption technologies increases. This leads to errors in manual administration of these critical encryption keys, as highlighted by the fact that nearly 60% of respondents rate encryption key management as very painful. The top reasons cited for this pain are lack of skilled personnel and inadequate key management tools.
The growing role of hardware security modules (HSMs)
Encryption key generation and management can be more effectively managed with the use of hardware security modules (HSMs), and their adoption is continuing with 42% of respondent organisations in Australia using them. Furthermore, they report that the importance of HSMs to their encryption or key management strategy will increase from 73% to 83% over the next 12 months.
“With organisations in Australia increasing their use of the cloud, containers and IoT platforms, it’s clear that IT and security professionals across the continent strive to defend sensitive data against specific, identified threats, and comply with both internal policies and external data protection mandates,” said Jiro Shindo, Director Digital Security Solutions APAC at Entrust.
“While data encryption helps address these challenges, it also brings its own challenges stemming from inadequate encryption key management tools and skills shortages. Rising use of HSMs for encryption and key management shows that IT is starting to meet these hurdles. Organisations will benefit from a maturing ecosystem of integrated solutions for cloud security policy management, secrets management and securing containers and application development to help them bring their crypto into the light and under control.”