Cloud shift, data security driving encryption use

As the Apple iPhone legal flap illustrates, encryption is emerging as the security tool of choice as more sensitive data is stored in the cloud.

An industry study co-sponsored by aerospace and cyber security specialist Thales found that widespread use of encryption is accelerating in response to high-profile cyber attacks, stricter privacy regulations and the steady transfer of sensitive data to the cloud.

The encryption study, released during this week's RSA security conference in San Francisco, found that a majority of survey respondents expect to shift to private, public or hybrid cloud platforms within the next two years—something the Defense Department also is moving towards. The survey of more than 5,000 global business and IT executives also found that 84 percent of respondents expect to transfer sensitive data to the cloud by 2018.

While regulated industries like the financial and health care sectors make the greatest use of encryption technologies, trends over the last four years suggest a steady overall rise in crypto deployments. "The most significant increases in extensive encryption usage [will] occur in public sector, retail and technology and software organizations," the study forecasts.

Germany, Japan, the U.K. and the United States were found to have the highest rates of deployment. The most important encryption technology features were securing both cloud and on-premise deployment and boosting system performance while reducing latency. Another was integrating encryption with other security tools, the study found.

While corporate IT budgets are declining, the encryption study found that IT security and "data protection" spending are on the rise. Encryption accounts for much of the increase in security IT infrastructure, particularly for cloud deployments, while data protection spending relative to total IT security budgets has been growing for more than a decade.

According to the survey, the use of public-key encryption infrastructure reached a tipping point in fiscal 2011 when the number of companies developing a strategy around the technology equaled those who said they had none. By the end of last year, 37 percent of respondents said they were deploying encryption technologies as part of a migration to cloud platforms. Meanwhile, only 15 percent of respondents said they had no current plans to use encryption.

While hackers, data breaches and malicious insider attacks grab most of the headlines, the survey found that the biggest threat to sensitive data is "employee mistakes." Just over half of respondents cited mishandling of sensitive data, while 30 percent blamed "system or process malfunction." That fact has fueled the growth of automated tools designed to enforce security policies. (And although a recent survey of DOD IT pros found foreign governments identified as the most serious cyber threat, careless insiders are still high on the list.)

In a metric relevant to military and aerospace contractors, 61 percent of IT executives surveyed cited compliance with external data security and privacy regulations as the main driver for using encryption technologies.

Thales and Vormetric Data Security commissioned the annual study by the Ponemon Institute.

Speaking at the RSA conference, Defense Secretary Ashton Carter pitched the Defense Digital Service to an audience of security experts, whether a part of the upcoming Hack the Pentagon project or another endeavor. "Try it out, work on an important problem for a year or two, or a project [and] see how you like it," he said, adding, "maybe you'll come back and do something another time with us."