The global and independent platform for the SAP community.

Bring Your Own Key

The number of companies that have a consistent, enterprise-wide encryption strategy has increased from 50 to 62 percent in the past year. The desire for greater control of data was cited as the driver for this.
E-3 Magazine
26 October 2022
avatar
This text has been automatically translated from German to English.

A survey already shows a steady increase in the use of enterprise-wide encryption over the past few years. This year, however, there was a dramatic jump: The percentage of IT professionals whose company has a consistently applied encryption policy increased from 50 percent to 62 percent! Similarly, 61 percent of respondents welcomed their executives' support on encryption. These and other findings emerged from the latest Entrust Global Encryption Trends Study, now in its 17th year. The study analyzes the various challenges and measures taken by companies in the fight against cybersecurity threats. For this purpose, security and IT experts from various nations are surveyed once a year. 

Encryption strategies

Another positive finding of the report is reduced difficulty in implementing encryption strategies, particularly in locating and classifying data. The findings clearly demonstrate that companies have not only recognized the security issues, but have also addressed them. But they also reveal gaps in the implementation of encryption solutions within certain sensitive categories. For example, only 34 percent of respondents in each case say they comprehensively encrypt data containers or IoP platforms, and only 31 percent for Big Data repositories. The situation is similar with hardware security modules (HSMs). While 63 percent of all respondents worldwide rate these as an important part of an encryption and key management strategy, half say they do not yet have HSMs. 

This year's study also shows how the distribution of sensitive data across multiple cloud environments is forcing organizations to increase security in this area. This is especially true for containerized applications, where the use of HSMs is at an all-time high of 40 percent. More than half of respondents (55 percent) admit that their organization transfers sensitive or confidential data to the cloud - whether or not it is encrypted or made unreadable through some other mechanism such as tokenization or data masking. However, another 27 percent say they will do so in the next one to two years. 

Change of heart: In recent years, awareness of ransomware and other cybersecurity threats has grown. The answer: users are encrypting more and more every year.

Ransomware

"The proliferation of multi-cloud environments, containers and serverless deployments, and IoT platforms is creating new security challenges for many enterprises", explains John Metzger, vice president at Entrust. "This is exacerbated by the rise of ransomware and other cybersecurity threats. Companies are responding by trying to retain control of encrypted data themselves - rather than leaving its security solely to platform providers."

When it comes to protecting their data at rest in the cloud, 44 percent of IT professionals (up from 36 percent in 2021) say encryption is done in the cloud first - with keys generated and managed by the cloud provider. Another 38 percent say their data is already encrypted before it is sent to the cloud - with keys generated and managed by their own company. Another 21 percent use some form of Bring Your Own Key (BYOK). 

In summary, these results illustrate once again that the benefits of cloud computing outweigh the risks associated with transferring confidential data to the cloud. They also illustrate that encryption and data protection in the cloud are now preferentially handled directly by companies. In terms of sources of risk, security officers cite employee mistakes as the biggest threat that could lead to sensitive data being exposed - although the number is down slightly from last year, while the perceived risk from temporary or contract workers is at its highest level ever.

In addition, system or process malfunctions and hackers are named as particularly critical. Threats to sensitive data come from all directions. It is therefore not surprising that almost three quarters of all respondents admit that their companies have suffered at least one data breach to date. Just under half have even been affected in the past twelve months.

avatar
E-3 Magazine

Information and educational outreach by and for the SAP community.


Write a comment

Working on the SAP basis is crucial for successful S/4 conversion. 

This gives the Competence Center strategic importance for existing SAP customers. Regardless of the S/4 Hana operating model, topics such as Automation, Monitoring, Security, Application Lifecycle Management and Data Management the basis for S/4 operations.

For the second time, E3 magazine is organizing a summit for the SAP community in Salzburg to provide comprehensive information on all aspects of S/4 Hana groundwork.

Venue

More information will follow shortly.

Event date

Wednesday, May 21, and
Thursday, May 22, 2025

Early Bird Ticket

Available until Friday, January 24, 2025
EUR 390 excl. VAT

Regular ticket

EUR 590 excl. VAT

Venue

Hotel Hilton Heidelberg
Kurfürstenanlage 1
D-69115 Heidelberg

Event date

Wednesday, March 5, and
Thursday, March 6, 2025

Tickets

Regular ticket
EUR 590 excl. VAT
Early Bird Ticket

Available until December 24, 2024

EUR 390 excl. VAT
The event is organized by the E3 magazine of the publishing house B4Bmedia.net AG. The presentations will be accompanied by an exhibition of selected SAP partners. The ticket price includes attendance at all presentations of the Steampunk and BTP Summit 2025, a visit to the exhibition area, participation in the evening event and catering during the official program. The lecture program and the list of exhibitors and sponsors (SAP partners) will be published on this website in due course.