Security Experts:

Enterprise Data Encryption Challenged by Key Management

Locked doors can keep out burglars, but any homeowner knows that misplaced keys can be a headache.

The same is true in the world of data encryption, where key management remains a key challenge for enterprises around the world according to a new survey by Thales e-Security and the Ponemon Institute. In a survey of 4,800 business and IT managers across the globe, more than half of the organizations identified key management as a major issue, ranking it a seven on a scale of one-to-ten in seriousness. Thirty percent rated it a nine or 10.  

"More than half (52 percent) of respondents believe their key management tasks are constrained because their organizations do not have dedicated staff or tools to perform key management tasks," according to the report. "Only 23 percent of respondents say their organizations are performing key management with a dedicated expert staff and specialized tools according to well defined practices."

A three-year comparison in the percentage of encryption key management spending as a portion of the amount spent on encryption overall shows a six percent increase.

"Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue," said Richard Moulds, vice president strategy at Thales, in a statement. "The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions. Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness."

The good news however is that there appears to be a growing awareness around the Key Management Interoperability Protocol (KMIP) standard. According to the report, KMIP is perceived to be of increasing importance and is expected specifically to contribute to encryption and key management strategies involving the cloud, storage and application-level encryption. Better than half of those surveyed said that the KMIP standard was important in cloud encryption compared to just 42 percent last year.

Overall, the number of respondents reporting their organizations has a comprehensive encryption strategy versus those who outnumber those that do not by more than two to one. However, just 35 percent of those surveyed said their organization has an encryption strategy applied consistently across the enterprise. That compares to 29 percent in 2012. In addition, 61 percent identified discovering where sensitive data resides (61 percent) and the ability to deploy encryption technology (50 percent) as the biggest impediments to executing a data encryption policy. 

"Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption," said Dr. Larry Ponemon, founder of the Ponemon Institute, in statement. "For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems."

view counter