Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Enterprise Data Encryption Challenged by Key Management

Locked doors can keep out burglars, but any homeowner knows that misplaced keys can be a headache.

Locked doors can keep out burglars, but any homeowner knows that misplaced keys can be a headache.

The same is true in the world of data encryption, where key management remains a key challenge for enterprises around the world according to a new survey by Thales e-Security and the Ponemon Institute. In a survey of 4,800 business and IT managers across the globe, more than half of the organizations identified key management as a major issue, ranking it a seven on a scale of one-to-ten in seriousness. Thirty percent rated it a nine or 10.  

“More than half (52 percent) of respondents believe their key management tasks are constrained because their organizations do not have dedicated staff or tools to perform key management tasks,” according to the report. “Only 23 percent of respondents say their organizations are performing key management with a dedicated expert staff and specialized tools according to well defined practices.”

A three-year comparison in the percentage of encryption key management spending as a portion of the amount spent on encryption overall shows a six percent increase.

“Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue,” said Richard Moulds, vice president strategy at Thales, in a statement. “The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions. Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness.”

The good news however is that there appears to be a growing awareness around the Key Management Interoperability Protocol (KMIP) standard. According to the report, KMIP is perceived to be of increasing importance and is expected specifically to contribute to encryption and key management strategies involving the cloud, storage and application-level encryption. Better than half of those surveyed said that the KMIP standard was important in cloud encryption compared to just 42 percent last year.

Overall, the number of respondents reporting their organizations has a comprehensive encryption strategy versus those who outnumber those that do not by more than two to one. However, just 35 percent of those surveyed said their organization has an encryption strategy applied consistently across the enterprise. That compares to 29 percent in 2012. In addition, 61 percent identified discovering where sensitive data resides (61 percent) and the ability to deploy encryption technology (50 percent) as the biggest impediments to executing a data encryption policy. 

“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption,” said Dr. Larry Ponemon, founder of the Ponemon Institute, in statement. “For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems.”

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...