As more and more organisations migrate to the cloud and create multi-cloud environments, they’re feeling the pain of increased complexity and loss of control: Sensitive and valuable data is zinging around the enterprise and to and from public and private clouds, making it hard to know where that data is located — and even harder to protect it.
This year’s Entrust 2022 Global Encryption Trends Study focused in on this multi-cloud security challenge. The 17th annual report, conducted by the Ponemon Institute, looks at how more than 6,000 companies across multiple sectors and 17 countries/regions including the UAE and the Kingdom of Saudi Arabia (KSA) are prioritising their digital security investments to regain control of the data in their dynamic cloud environments.
So, what are the big takeaways?
Data is more vulnerable than ever
Data security threats continue to increase in the Middle East region, setting the stage for the urgency around everything else covered by the report. We all see it in the headlines, and most organisations feel it directly: 64 percent of Middle East organisations surveyed have suffered a data breach, with half reporting a breach within the last 12 months.
The threats are coming from all directions even here in the Middle East. Employee mistakes are still the biggest source of sensitive data breaches, accounting for more than half (54 percent). But combining malicious insiders (19 percent) and external hackers (33 percent), we see that intentional actors account for around half of top-ranked threats.
A major jump in encryption adoption
Effective encryption protects against both intentional and unintentional breaches, so it’s encouraging to see that The Ponemon Institute has reported the sharpest increase in encryption strategy adoption in the nearly two decades of this study. While encryption adoption globally has been slowly climbing by 2-3 percent annually, adoption in organisations across the Middle East jumped up to 63 percent from 29 percent in 2021, a staggering 34 percent increase over the past year. A similar trend is noticed in the prominence of enterprise-wide encryption strategy being part of the wider business goals amongst senior leaders being rated as significant by 70 percent of Middle East respondents.
Essential industries amping up encryption
Not surprisingly, organisations in tech, software, education, and research have traditionally been leaders in encryption usage. But this year’s most significant increases in extensive encryption usage in the Middle East occurred in energy & utilities, financial services, services sector and the public sector.
This reflects growing awareness of vulnerabilities and incidences of high-profile breaches in these sectors, particularly as geopolitical conflicts heighten the risk of state-sponsored/condoned cyberattacks on core industries. Moreover, global events over the past few years have demonstrated just how fragile supply chains, power grids and other critical infrastructure can be — and the impact of any disruption in these areas on global economies.
Uber data breach spotlights need for enterprises to ‘get the basics right’, say experts
HSMs becoming a vital and versatile tool to gain control
As they prioritise and invest in future-ready encryption strategies, hardware security modules (HSMs) are becoming an essential and versatile component of organisations’ security posture. More than seven in ten (71 percent) of Middle East respondents believed that implementing HSMs to their security with an urgency is vital. Half of respondents said they’re using an HSM as a foundational part of their multi-cloud security strategies.
There’s also a big shift in how they’re leveraging HSMs to support cloud cases: To accommodate the decentralised complexity of today’s digital enterprise landscape, 59 percent of organisations say they’ve moved to a private cloud model where a centralised team provides cryptography as a service across the entire organisation — instead of the traditionally siloed, application-specific model. Over the next year, 1 in 3 say they’re planning to use HSMs with cloud access security brokers — and more than one-third say they’re planning to deploy an owned and operated HSM for the purpose of generating and managing Bring Your Own Key (BYOK) implementations to send to the cloud.
Enterprises accelerating move to the cloud, regardless of security concerns
Despite the spike in adoption of encryption strategies in the Middle East, respondents reported several barriers and challenges around encryption. Nearly two-thirds said key management is a painful challenge — made more difficult by the ongoing tech talent shortage in IT and security roles. Only 39 percent of local respondents – compared to global figures of over half the respondents – said the biggest challenge is simply identifying where data lives and moves in order to encrypt it.
Nevertheless, it’s clear that the benefits of cloud computing continue to outweigh the data security risks — and the pains and challenges of mitigating those risks. More than half of Middle East respondents said their organisations transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenisation or data masking. Another 23 percent said they plan to begin doing so in the next year or two — again, regardless of whether they deploy comprehensive encryption first.
Bottom line: The data is in the cloud and threats keep accelerating. The best path forward ensures that organisations are in the know and in control of their cryptographic infrastructure.
