One of the biggest conundrums in security, for me, has always been encryption – or the lack of it being applied in certain areas.
After all, we use encryption all of the time for our network connections, in virtual private networks and SSL. And most enterprises do encrypt their important databases. Yet, in other areas, including enterprise apps, the use of encryption has been quite rare.
There may be good reason behind the slow uptake. Until recently, the difficulty in managing file and full disk encryption for most people and the hassles of encryption key management in enterprise environments limited its use.
I say “until recently” because a new study showed that the adoption of encryption within applications is not only increasing, the rate is accelerating. Check out the chart below, to see that the use of encryption in the enterprise hit 41% this year, up from 34% last year and much higher than the 16% in 2005, the very first year the survey was conducted.
These findings are from the 2016 Encryption Application Trends Study, conducted by the Ponemon Institute (and sponsored by Thales e-Security). The study is part of an annual survey that covers more than 5,000 respondents in 14 major industry sectors within 11 countries.
According to the report authors, drivers for the increase include risking attacks, privacy regulations and an increased concern regarding the protection of employee and customer data.
The study also found that enterprises in highly regulated industries are the biggest users of application encryption. Financial services, healthcare, and technology and software companies ranked one, two, and three.
“However, the rise in encryption use across multiple industries indicates that encryption continues to be adopted as a best practice and an increasingly important layer in a data protection strategy,” the report stated, and I agree.
The types of applications that are utilizing encryption include databases, Internet traffic (SSL/TLS) and laptop hard drives (first, second or third place in encryption use.)
This trend toward increased use of application encryption is great news because, as long as the encryption is implemented and used property, if there is a breach (and we know there will be), there is very little to worry about.