
2016 Top Trends in Encryption and Data Protection

Not surprisingly, companies are continuing to increase their use of encryption and other data protection techniques in response to data breaches and cyber attacks. But some of the other top deployment reasons, and the techniques being used, may surprise you. In this slide deck, Larry Ponemon from the Ponemon Institute and John Grimm of Thales e-Security take a look at some of the top findings in this year's Global Encryption Trends Study, including:
• Variation in encryption and key management trends across multiple vertical industries
• Attitudes regarding protection of sensitive data in the cloud
• Types of data that are most commonly encrypted
• Common use cases for encryption, and where Hardware Security Modules are most commonly deployed for key protection and management

Or why not watch the webinar:
https://www.thales-esecurity.com/knowledge-base/webcasts/top-trends-encryption-and-data-protection

and download the report:
https://www.thales-esecurity.com/knowledge-base/analyst-reports/global-encryption-trends-study

Published in: Technology


  1. Top Trends in Encryption and Data Protection 2016
     Dr. Larry Ponemon and John Grimm
     March 23, 2016
  2. Today’s Speakers
     • Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute
     • John Grimm, Senior Director, Thales e-Security
  3. About this research
     This presentation contains the findings of a survey completed by 5,009 IT and IT security practitioners in the following 11 countries: United States, United Kingdom, Germany, France, Australia, Japan, Brazil, Russian Federation, India, Mexico and Arabia. The research examines how the use of encryption has evolved over the past 11 years.
     Sponsored by
  4. Agenda
     • Broad encryption trends 2016
     • Encryption and key management challenges
     • Addressing those challenges
     • Encryption in the cloud
     • Summary and conclusions
  5. Encryption Strategy
     • Reversal over period of study!
     • Reflects growing importance of encryption
     • Also reflects struggle to apply strategy and policy consistently
     [Chart, FY05 to FY15. Series: "Company has an encryption strategy applied consistently across the entire enterprise" and "Company does not have an encryption strategy". Data labels shown: 15%, 37%, 38%, 15%]
  6. Encryption strategy by country
     Company has an encryption strategy applied consistently across the entire enterprise (the chart also marks the average):
     • DE (Germany): 61%
     • US (United States): 45%
     • JP (Japan): 40%
     • UK (United Kingdom): 38%
     • FR (France): 36%
     • RF (Russian Federation): 36%
     • IN (India): 33%
     • BZ (Brazil): 28%
     • AB (Arabian Cluster): 27%
     • AU (Australia): 26%
     • MX (Mexico): 26%
  7. Business owners gain influence over encryption strategy
     • Drivers include
       – Compliance
       – BYOD
       – Consumerization of IT
     [Chart, FY05 to FY15. Series: IT Operations, Lines of business, Security. Data labels shown: 53%, 32%, 10%, 27%, 12%, 16%]
  8. Encryption usage by vertical market
     • Increase across all 10 represented markets
     • Compliance and privacy concerns are strong drivers
     • Additional markets include Services, Transportation, Hospitality, Consumer Products, and Manufacturing
     [Bar chart. Markets shown: Public sector, Retail, Technology & software, Health & pharma, Financial services. Legend: FY12, FY13, FY14, FY15. Data labels in the order extracted, one group of five per series:
       33% 35% 48% 49% 56%
       25% 26% 39% 40% 48%
       24% 21% 33% 31% 43%
       23% 21% 31% 29% 38%]
  9. Drivers for using encryption
     • Compliance is a consistent year-to-year top finding
     • Organizations increasingly identifying and protecting specific data types
     Chart values:
     • To comply with external privacy or data security regulations and requirement: 61%
     • To protect enterprise intellectual property: 50%
     • To protect information against specific, identified threats: 49%
     • To protect customer personal information: 47%
     • To limit liability from breaches or inadvertent disclosure: 35%
     • To reduce the scope of compliance audits: 34%
     • To comply with internal policies: 15%
     • To avoid public disclosure after a data breach occurs: 8%
  10. Encryption challenges
     • Discovery increasingly difficult as data proliferates
     • Attacks will seek out the easiest target
     • Bottom of this list speaks as loudly as the top
     Chart values:
     • Discovering where sensitive data resides in the organization: 57%
     • Initially deploying the encryption technology: 49%
     • Classifying which data to encrypt: 35%
     • Ongoing management of encryption and keys: 31%
     • Training users to use encryption appropriately: 15%
     • Determining which encryption technologies are most effective: 13%
  11. Top two threats to data exposure
     1. Employee mistakes
     2. System or process malfunction
     [Bar chart: Employee Mistakes, by country (AU, JP, UK, IN, AB, US, BZ, MX, RF, DE, FR), on a 0 to 100 scale]
  12. What types of data are organizations encrypting?
     • Encryption needs to be addressed by companies of all types
     • Expect health-related information to rise
     Chart values:
     • Employee/HR data: 62%
     • Payment related data: 55%
     • Intellectual property: 49%
     • Financial records: 48%
     • Customer information: 36%
     • Non-financial business information: 30%
     • Health-related information: 20%
  13. With increased encryption use comes the pain of key management
     • Key management pain rated 7 (out of 10) or higher by over half of respondents!
     • Similar pain ratings across mature and less mature countries
     Chart values:
     • No clear ownership: 57%
     • Lack of skilled personnel: 49%
     • Systems are isolated and fragmented: 47%
     • Key management tools are inadequate: 46%
     • Too much change and uncertainty: 37%
     • Insufficient resources (time/money): 23%
     • No clear understanding of requirements: 16%
     • Technology and standards are immature: 13%
     • Manual processes are prone to errors and unreliable: 11%
  14. Key management systems in use
     • Manual = painful = prone to mistakes
     • Evidence that policies are becoming more formalized
     • HSMs on the rise
     Chart values:
     • Manual process (e.g., spreadsheet, paper-based): 57%
     • Formal key management policy (KMP): 44%
     • Central key management system/server: 32%
     • Formal definition of roles and responsibilities of the KMI including separation of duties: 32%
     • Formal key management infrastructure (KMI): 31%
     • Formal key management practices statement (KMPS): 31%
     • Removable media (e.g., thumb drive, CDROM): 31%
     • Hardware security modules: 28%
     • Smart cards: 20%
     • Software-based key stores and wallets: 17%
  15. HSM basics
  16. Deployment of HSMs as part of key management activities
     • Findings correlate with stronger security posture and encryption strategy maturity
     Does your organization deploy HSMs? (the chart also marks the average):
     • DE: 54%
     • US: 45%
     • UK: 37%
     • JP: 34%
     • RF: 32%
     • IN: 31%
     • AB: 30%
     • FR: 25%
     • BZ: 25%
     • AU: 20%
     • MX: 20%
  17. HSM use cases
     [Bar chart with two series per use case. Legend: "12 months from now", "Current state". Chart annotations: Mature; Have been growing steadily; Early stage. Data labels are listed per use case in the order extracted, first series / second series]
     • Crypto currency: 6% / 6%
     • Big data encryption: 6% / 7%
     • Code signing: 7% / 8%
     • Internet of Things (IoT) device authentication: 11% / 13%
     • Document signing (e.g. electronic invoicing): 13% / 14%
     • Private cloud encryption: 24% / 26%
     • Payment credential issuing (e.g., mobile, EMV): 26% / 30%
     • Public cloud encryption: 30% / 33%
     • Payment transaction processing: 30% / 34%
     • PKI or credential management: 31% / 33%
     • Application level encryption: 36% / 39%
     • Database encryption: 40% / 43%
     • SSL/TLS: 45% / 50%
  18. Importance of HSMs by industry
     [Bar chart: percentage by industry, 0 to 80 scale. Series: Importance today, Importance in the next 12 months]
  19. What about the cloud?
     • Over half of respondents are sending sensitive data to the cloud today, and this will rise to 84% over the next two years
     • Benefits of the cloud outweighing the risks
     [Bar chart by country (BZ, DE, US, UK, FR, AU, JP, IN, MX, AB, RF), on a 0 to 70 scale]
  20. Cloud trends
     • Maturation of cloud security offerings
     • Less fear in the industry about cloud providers
       – Most threats and breaches/incidents originate with subscriber-managed components
     • Encryption conversation matures – “why” then “how”
       – Nation-state demands for data access – subscriber control
       – Digital shred of deleted data or isolation failure – provider control
       – Data in use – encryption doesn’t play
       – Finding data unencrypted somewhere else defeats encryption!
     • Users will be looking for choice for key control
     • Auditors will start to look closer
  21. Control of keys in the cloud
     [Pie chart. Data labels shown: 41%, 21%, 38%. Categories: "Only use keys controlled by my organization", "Only use keys controlled by the cloud provider", "Use a combination of keys controlled by my organization and by the cloud provider"]
     Results underscore importance of enterprise control of keys
  22. Summary and Conclusions
     • Encryption use is growing, along with the challenges associated with key management
     • Issues addressed here affect companies of all types
     • Regulations and privacy concerns are driving growth of encryption and other data protection technologies
     • Encryption, properly implemented with strong key management, is a very important part of a layered defense
  23. Thales e-Security
     www.thales-esecurity.com
     • Proven, focused expertise in data protection
     • Solutions built to deliver trust
       – High assurance security optimized for operational efficiency
       – Leader in Hardware Security Modules (HSMs) with form factors and performance to suit every deployment scenario
       – Hundreds of use cases across traditional, virtualized, and cloud-based environments
       – Security certifications to satisfy regional and industry obligations
     • Just finalized acquisition of Vormetric
       – Leading provider of data protection applications
     • Global support and services to help customers succeed
  24. Resources
     • Global Encryption Trends study
     • Key Management for Dummies reference guide
     • Websites
       – www.thales-esecurity.com
       – www.vormetric.com
       – www.ponemon.org
     • Next Thales e-Security webcast: April 20
       – “Innovation and security in the digital payments world” featuring Jose Diaz and Ian Hermon
  25. Ponemon Institute LLC
     • The Institute is dedicated to advancing responsible information management practices that positively affect privacy, data protection and information security in business and government.
     • The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.
     • Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as CASRO’s chairman of Government & Public Affairs Committee of the Board.
     • The Institute has assembled more than 65+ leading multinational corporations called the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.
     • The majority of active participants are privacy or information security leaders.
  26. Questions?
     Ponemon Institute
       Toll Free: 800.887.3118
       Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA
       research@ponemon.org
     Thales e-Security
       +1 954 888 6200
       Americas: sales@thalesesec.com
       EMEA: emea.sales@thales-esecurity.com
       APAC: asia.sales@thales-esecurity.com
       www.thales-esecurity.com
