SecurityWeek

Enterprise Data Encryption Challenged by Key Management

Locked doors can keep out burglars, but any homeowner knows that misplaced keys can be a headache.

The same is true in the world of data encryption, where key management remains a key challenge for enterprises around the world according to a new survey by Thales e-Security and the Ponemon Institute. In a survey of 4,800 business and IT managers across the globe, more than half of the organizations identified key management as a major issue, ranking it a seven on a scale of one-to-ten in seriousness. Thirty percent rated it a nine or 10.  

“More than half (52 percent) of respondents believe their key management tasks are constrained because their organizations do not have dedicated staff or tools to perform key management tasks,” according to the report. “Only 23 percent of respondents say their organizations are performing key management with a dedicated expert staff and specialized tools according to well defined practices.”

A three-year comparison in the percentage of encryption key management spending as a portion of the amount spent on encryption overall shows a six percent increase.

“Whilst key management may be emerging as a barrier to encryption deployment, it is not a new issue,” said Richard Moulds, vice president strategy at Thales, in a statement. “The challenges associated with key management have already been addressed in heavily regulated industries such as payments processing, where best practices are well proven and could translate easily to a variety of other verticals. With more than 40 years’ experience providing key management solutions, Thales is ideally positioned to help organizations re-assess and re-evaluate their crypto security and key management infrastructure and deliver solutions that ensure their integrity and trustworthiness.”

The good news, however, is that there appears to be a growing awareness around the Key Management Interoperability Protocol (KMIP) standard. According to the report, KMIP is perceived to be of increasing importance and is expected specifically to contribute to encryption and key management strategies involving the cloud, storage and application-level encryption. More than half of those surveyed said that the KMIP standard was important in cloud encryption, compared to just 42 percent last year.

Overall, respondents reporting that their organizations have a comprehensive encryption strategy outnumber those that do not by more than two to one. However, just 35 percent of those surveyed said their organization has an encryption strategy applied consistently across the enterprise. That compares to 29 percent in 2012. In addition, respondents identified discovering where sensitive data resides (61 percent) and the ability to deploy encryption technology (50 percent) as the biggest impediments to executing a data encryption policy.

“Encryption usage continues to be a clear indicator of a strong security posture but there appears to be emerging evidence that concerns over key management are becoming a barrier to its more widespread adoption,” said Dr. Larry Ponemon, founder of the Ponemon Institute, in a statement. “For the first time in this study we drilled down into the issue of key management and found it emerging as a huge operational challenge. But questions are and should be asked about the broader topics of policy issues and choice of encryption algorithms – especially in the light of recent concerns over back doors, poorly implemented crypto systems and weak key management systems.”