The survey, ”Encryption and Key Management” which was co-sponsored by encryption management vendor, nCipher, found that Best-in-Class organizations (a category that Aberdeen defined as including organizations that have seen the most improvement in their IT security effectiveness over the past 12 months) demonstrated a tremendous increase in the number of applications and locations deploying cryptography in order to protect sensitive data compared with one year ago and, consequently, an increase in the number of encryption keys they have to manage.

Eighty-one percent of respondents had increased the number of applications using encryption, 50 percent had increased the number of locations implementing encryption and 71 percent had increased the number of encryption keys under management compared with one year ago.

So, how is the growth of encryption and the need to manage the keys changing organizations' behaviours? In order to address the challenges brought about by the increased deployment of cryptography, Best-in-Class companies have shifted their thinking and were 60 percent more likely than the industry average group to take a more strategic, enterprise-wide approach to encryption and key management than the traditional more tactical approach of addressing particular and isolated points of risk within their infrastructure such as the theft of laptops or back-up tapes.


To further quantify this shift, the Aberdeen Group survey describes the significantly higher priorities and corresponding investments by the same Best-in-Class companies in specific encryption and key management technologies to complement other organizational structure and process related topics. The survey concludes that these pioneering organizations have already benefited by lowering the instances of actual or potential exposure while simultaneously reducing actual key management costs by an average of 34 percent.

Cryptography, embedded security by default

As Aberdeen and other independent analysts have discussed, access to encryption technology is getting easier and easier, with it often coming along for free, and has already made its way into a host of devices we use every day. Laptop computers, wireless access points, and even devices we don’t think of as being part of a typical IT infrastructure such as vending machines, parking meters, gaming machines and electronic voting terminals, have encryption embedded. The same is true for business applications and data center hardware such as back-up tape devices and database software. This is steadily resolving one of the big challenges with encryption, how to upgrade existing systems to support encryption without penalizing performance or costing a fortune in custom developments or ‘bolt-on’ encryption products.

Don't forget the keys

The widespread availability of encryption is good news but without a clear way of managing its deployment a number of pitfalls remain. Organizations of all sizes and in all industries need to look seriously at the management of the cryptographic keys, the secret codes that lock and unlock the data. Unless organizations begin laying the groundwork today this new age of encryption will present serious management challenges.