The new normal – have the fundamentals of data security and encryption changed for Australian businesses?
While I’m sitting working from home (or at least trying to), watching businesses rise/fall and adapt, how do the once predictable trends in data security and encryption evolve and meet the challenges presented by our “new normal”?
For some businesses, their entire workforce is now working remotely, and the traditional focus on protecting both company and customer data, just because regulations state you must do so, is now giving way to an understanding that protecting data is essential to sustaining a successful organisation. To be truly effective, this requires a corporate wide security strategy.
This is certainly reinforced by the findings of the 2020 Australia Encryption Trends Study which examines the use of encryption and the impact of this technology on the security posture of organisations in this region.
It’s worth noting that our survey was conducted between December 2019 and January 2020 and undoubtedly next year’s report will show different results in several areas. For example, I anticipate we’ll see an even greater uptick in:
- credential-based authentication of remote workers, based on secure digital certificates
- cloud adoption and the resulting encryption of data stored in cloud environments
- digital payment schemes, as consumers move away from using cash.
Even before the pandemic took hold, however, organisations were already demonstrating a shift in priorities, as I’ve highlighted below.
Taking control in the cloud
Corporate security used to be focused on the protection of the perimeter and threat detection – both of which are certainly still necessary in today’s business environment. However, we now see a definite change. Organisations now understand that now their data is going to be dispersed, not only geographically but across the infrastructure of several different cloud service providers. With more and more online applications, remote online channels and a remote workforce, Australian organizations are seeing a huge drive of business into the cloud.
More than 80% of Australian respondents report transferring sensitive data to the cloud, or planning to do so within the next 12 to 24 months. However, they see the need to take control and make sure that the data is protected to the same level of security in the cloud as it is on premise, hence the rise in adoption of encryption (up 11% since last year) in the cloud.
Are encryption keys more important than your data?
While the majority of customers understand the need for better management of security, they don’t always know what questions to ask or what tools are most suitable to their needs.
One of the critical elements of any encryption strategy is the use of hardware security modules (HSMs) to protect the all-important encryption keys. HSMs provide state-of-the art key protection, access control enforcement, and secure code execution.
HSM adoption is growing, not only in Australia, but worldwide – as is their importance to organisations’ encryption and key management strategies. Among Australian respondents, 42% currently deploy HSMs (a massive increase from 25% in 2017) and 84% are knowledgeable about HSMs. Of those respondents whose organizations currently use HSMs, 83% say that HSMs are important to their key management strategy – the highest rate globally.
Securing new payment schemes
Australia is ahead of the curve when it comes to encrypting payment-related data, with 71% of respondents encrypting payment data compared with the global average of 54%. That’s jumped from 44% just two years ago, driven by new digital payment schemes and mobile payment apps – all of which rely on encryption as part of their underlying framework. To support digital payments, organisations need strong data security as well as cryptography coupled with the secure management of encryption keys. These frameworks can’t exist without such measures so the need for properly managed encryption has never been greater.
According to Jay Schiavo, vice president of products and markets for Entrust Datacard’s certificate services, “Organisations that have a good handle on what and how to encrypt payment data are now focused on how to automate it to make it easier and future proof encryption plans. It’s not feasible to keep adding headcount to keep it all under control, and it’s becoming difficult for some companies to even understand what crypto they have operating across the business, what complies with internal and external policies, when it expires, etc. So they’re looking for tools to automate finding, provisioning, managing and rotating keys and certificates so that when the next big change comes they’re prepared for it.” And that’s where HSMs come in, helping automate those processes.
Embracing the challenges
As organisations in Australia have realized how essential encryption and cryptography are to their data security, they have steadily increased their adoption of encryption strategies across traditional use cases such as internet communications and laptop hard drives, as well as newer ones like cloud, container and IoT devices. As they rely on more products and applications that perform encryption, they seek solutions that offer support for emerging algorithms, scalability and separation of duties.
Australian organisations are certainly on the right track. The good news is that, from what we can see from the survey, more organisations see encryption as the go-to solution for protecting their data. We can also see that more of them are doing the most critical aspect of any data protection strategy, which is to properly manage the keys.
Click here for more details on the results from the Australian 2020 Encryption Tends Study or for a worldwide view, download the 2020 Global Encryption Trends Study.