A lack of encryption is the main reason why businesses suffer from the loss of sensitive data, new research shows.
A study of Fortanix found that a third (33%) of the nearly 400 IT and cybersecurity professionals it surveyed said leaving data unencrypted was the top reason for losing it within their organization.
This is despite the fact that 90% agree that encryption is a good thing for their overall security. The survey also found that many organizations want to encrypt their data but are unsure how to go about it, due to a lack of staff with the expertise and skills to use encryption software, leading to uncertainty about when and where to apply it .
Positive signals
This was apparently the most difficult aspect for technology professionals to determine, with Fortanix concluding that this indicates “the need for solutions that enable consolidated discovery and assessment of cryptographic keys in hybrid, multi-cloud environments.”
The news isn't all bad, though: the research also shows that more than 80% of organizations have implemented (or plan to implement) zero trust technology. 81% of respondents also said their organization has dedicated teams to handle encryption.
Additionally, key management systems, data loss prevention, and hardware security modules were found to be the three most important technologies used to secure an organization's data.
And while only 24% currently have a unified key management system in place, more and more people are expected to implement one, with 50% planning to do so soon. On the other hand, federated key management will drop from 74% to 47%.
Organizations also want to future-proof their data protection; 76% of respondents are aware of post-quantum cryptography (PQC), with 14% already using it and 37% testing it out. However, cost and personnel are the main factors currently hindering its wider adoption.
Anand Kashyap, CEO of Fortanix, commented on the findings: “Most companies do not have full control over encryption keys, which poses significant risks. It is critical that these organizations make a paradigm shift to a data-centric security strategy with full visibility and control over their encryption tools.”
Senior analyst Jack Poller added that “while it is a positive sign that most people have confidence in encryption technologies, many do not know how to implement them in a way that meets their specific needs. It is clear that these organizations need to invest in education. , staffing and solutions to get them where they need to be.”