Eighty-one percent of respondents had increased the number of applications using encryption, 50 percent had increased the number of locations implementing encryption and 71 percent had increased the number of encryption keys under management compared with one year ago.
So, how is the growth of encryption and the need to manage the keys changing organizations' behaviours? In order to address the challenges brought about by the increased deployment of cryptography, Best-in-Class companies have shifted their thinking and were 60 percent more likely than the industry average group to take a more strategic, enterprise-wide approach to encryption and key management than the traditional more tactical approach of addressing particular and isolated points of risk within their infrastructure such as the theft of laptops or back-up tapes.
To further quantify this shift, the Aberdeen Group survey describes the significantly higher priorities and corresponding investments by the same Best-in-Class companies in specific encryption and key management technologies to complement other organizational structure and process related topics. The survey concludes that these pioneering organizations have already benefited by lowering the instances of actual or potential exposure while simultaneously reducing actual key management costs by an average of 34 percent.
Cryptography, embedded security by default
As Aberdeen and other independent analysts have discussed, access to encryption technology is getting easier and easier, with it often coming along for free, and has already made its way into a host of devices we use every day. Laptop computers, wireless access points, and even devices we don’t think of as being part of a typical IT infrastructure such as vending machines, parking meters, gaming machines and electronic voting terminals, have encryption embedded. The same is true for business applications and data center hardware such as back-up tape devices and database software. This is steadily resolving one of the big challenges with encryption, how to upgrade existing systems to support encryption without penalizing performance or costing a fortune in custom developments or ‘bolt-on’ encryption products.
Don't forget the keys
The widespread availability of encryption is good news but without a clear way of managing its deployment a number of pitfalls remain. Organizations of all sizes and in all industries need to look seriously at the management of the cryptographic keys, the secret codes that lock and unlock the data. Unless organizations begin laying the groundwork today this new age of encryption will present serious management challenges.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.