The number of companies that have a consistent, company-wide encryption strategy has risen from 50% to 62% in the past year. The desire for greater control over data that is distributed across multiple cloud environments was cited as a driver for this.
This was the finding of the latest "Entrust Global Encryption Trends
Study", which is being published for the seventeenth time this year.
The most important findings of the "Entrust 2022 Global Encryption Trends Study" include

Data protection is taken more seriously

Surveys have already shown a steady increase in the use of company-wide encryption over the last few years. This year, however, there was a drastic leap: The percentage of IT professionals whose company has a consistently applied encryption policy rose from 50 to 62 percent! Similarly, 61% of respondents welcomed the support of their managers on the subject of encryption.

Another positive finding of the report is reduced difficulties in implementing encryption strategies, particularly in finding data (55% compared to 65% in 2021) and classifying it (27% compared to 34%).

The results clearly show that companies have not only recognized the security problems, but have also tackled them. However, they also reveal gaps in the implementation of encryption solutions within certain sensitive categories. For example, only 34% of respondents stated that they comprehensively encrypt data containers or IoP platforms, and only 31% of big data repositories. The situation is similar with hardware security modules (HSMs). Although 63 percent of all respondents worldwide classify these as an important component of an encryption and key management strategy, half of them state that they do not yet have HSMs.

Want more control over their cloud data

This year's study also shows how the distribution of sensitive data across multiple cloud environments is forcing companies to increase security in this area. This is particularly true for containerized applications, where the use of HSMs has reached an all-time high of 40%.

More than half of respondents (55 percent) admit that their company transfers sensitive or confidential data to the cloud - whether or not it is encrypted or made unreadable by another mechanism such as tokenization or data masking. However, a further 27% say they will do so in the next one to two years.

"The proliferation of multi-cloud environments, containers and serverless deployments, and IoT platforms is creating new security challenges for many organizations," said John Metzger, vice president of product marketing for digital security solutions at Entrust. "This is exacerbated by the rise of ransomware and other cybersecurity threats. Organizations are responding by trying to maintain control of encrypted data themselves - rather than leaving it solely to platform providers to secure."

When it comes to protecting their data at rest in the cloud, 44% of IT experts (compared to 36% in 2021) say that encryption is only done in the cloud - with keys generated and managed by the cloud provider. A further 38% state that their data is already encrypted before it is sent to the cloud - with keys generated and managed by their own company. A further 21% use some form of Bring Your Own Key (BYOK).

Taken together, these results illustrate once again that the benefits of cloud computing outweigh the risks associated with transferring confidential data to the cloud. They also make it clear that companies now prefer to handle encryption and data protection in the cloud directly.

Employees are the biggest source of danger for sensitive data

In terms of sources of risk, security officers cite employee errors as the biggest threat that could lead to the disclosure of sensitive data - although the figure is slightly down on last year (47% in 2022 compared to 53% in 2021), while the perceived risk from temporary or contract workers has reached its highest level ever (currently 28% compared to 25% in 2021). System or process disruptions (32%) and hackers (29%) are also cited as particularly critical.

Threats to sensitive data come from all directions. It is therefore not surprising that almost three quarters (72%) of all respondents admit that their companies have suffered at least one data breach to date. Just under half (49%) have even been affected in the last 12 months.