Cloud encryption still lagging far behind other use cases: SafeNet

Increasing use of mobile and cloud-based services to store mission-critical data is raising the profile of enterprise data-encryption services, but a survey of Australian executives suggests that immature encryption-key management continues to compromise the technology's potential benefits.

Although 62 percent of respondents to the SafeNet Survey report were either experimenting with or running cloud computing, just 15 percent of respondents were using encryption as part of their cloud-services deployments. This compared with more than half who were using encryption in more-mature areas like virtual private networks (VPNs) and endpoint encryption.

Respondents were broadly aware of the importance of encryption, however: nearly 49 percent said they were likely or very likely to implement cloud or hard-disk encryption technology within the next 12 to 24 months.

Mark Yakabuski, SafeNet's vice president of product management for cryptography management, told CSO Australia that the growing profile of encryption technology was due to a growing sense that perimeter security had become fruitless in the cloud era: “there is a lot more focus on protection of data via encryption and discussion of its role when you're moving to the cloud,” he explained.

“Data centre consolidation starts with business justification – you want lower cost, higher efficiencies, better time to market, and better compliance. But data centre consolidation and the cloud are also driving a much wider and quicker expansion of those encryption use cases. Smart grids, mobile payments, document signing, SSL protection, DNS Sec, and code signing – all are examples of the proliferation of the expansion of encryption use cases.”


The enabling technology for those use cases, however, remains less than complete for a majority of Australian companies, according to the survey. Even where encryption was being used – or was planned to be used – respondents suggested that most companies are still struggling to implement robust management of encryption keys across encryption platforms.

More than 30 percent of respondents said they were using seven or more forms of encryption, yet only 22 percent said they had implemented encryption key-management technologies with the ability to centrally manage encryption based on business data-protection policies.

A quarter of the respondents had no key management solution in place at all.

Of those who had implemented key management, compliance was a significant driver in the decision to implement encryption, which was often correlated with a range of other compliance controls.

For example, those companies with centralised key management in place were three times more likely than other companies to have central logging, four times more likely to have separation of duties, over three times more likely to have audit controls, and almost five times more likely to have secure logging.

Those figures reflected the more mature position of companies with strong compliance cultures, but there are indications that a growing understanding of the need for cloud-based encryption – particularly when data is stored in other jurisdictions – has been improving the overall position, Yakabuski said.

“From an adoption cycle we're in the early stages,” he said. “The technology available today allows customers to deploy in virtual data centres all the way to the cloud, across the portfolio. Centralised control delivers a high-assurance, shared platform for internal cloud groups to provision out encryption services for their consuming party. And the technology will continue to evolve as the use cases evolve.”

Join the CSO newsletter!

Error: Please check your email address.

Tags encryption-key managementendpoint encryptionSafeNetCloudvpnMark YakabuskisafeNet Survey reportmobile

More about CSOSafeNetSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place