Fortanix, a Santa Clara, California-based IT security company, has released a new study suggesting that a lack of encryption is the primary contributor to sensitive data loss, even though confidence in cryptographic capabilities is strong. At the same time, encryption is pervasive and on the rise for data at rest, in motion, and in use.
The survey found that 90% of respondents agreed that encryption has a positive impact on the various facets of their network security, data security, and overall security, with more than 50% saying it has a significantly positive impact in each of these areas. The report also indicates that businesses want to encrypt their data, but they often don’t know how. A lack of adequate cybersecurity staff and expertise leads to confusion around where and when to apply encryption, management complexities, and difficulty assessing cyber-security. Similarly, a lack of encryption remained the top reason for data loss for almost 33% of the respondents, and 25% experienced data loss due to policy violations such as small key size.
Ultimately, determining when and where to apply encryption emerged as the most difficult task for tech professionals, indicating the need for solutions that provide consolidated discovery and assessment of cryptographic keys across hybrid, multi-cloud environments to protect critical assets and enable security, cloud operations, and developer teams to jointly assess risk posture and remediate compliance gaps.
More than two-thirds (76%) of respondents are aware of post-quantum cryptography (PQC), including 37% already actively testing it and 14% that are currently using it. Costs, budgets, and staffing are the biggest limitations in PQC adaptation.
Roughly 81% of respondents said their organizations have dedicated teams to handle encryption, key management, and certificate management, with 63% of those reporting directly into the C-Level.
Key management systems, data loss prevention, and hardware security modules are the top three security technologies used by respondents to secure their organization’s data. Fewer than a quarter (24%) currently have a single unified key management system in place, although that is expected to grow to 50% soon. Meanwhile, distributed or federated key management system usage will shrink from 74% to just 47%.
“More than 80% of organizations say they have begun or have implemented zero trust technology, but the survey also revealed that they don’t always know where to turn when looking to implement the highest level of data security,” said Anand Kashyap, co-founder and CEO at Fortanix. “The truth is, most enterprises lack complete control over encryption keys, creating significant risk. It’s paramount these organizations adopt a paradigm shift towards a data-centric security strategy with full visibility and control over their encryption assets.”
The company’s “Operationalizing Encryption and Key Management” report surveyed nearly 400 IT, compliance, DevOps, and cybersecurity professionals involved with encryption and data security technologies and processes across the U.S. and Canada. All respondents were from either large/mid-market organizations within industries including manufacturing, financial, technology and healthcare.
The research spotlights new opportunities for partners to add value and help to strengthen the defenses of their customers.