Clouds, HSMs and secrets – what does the future hold for enterprise encryption?


Against a backdrop of global uncertainty and swift digitization, enterprises are taking giant leaps to protect their networks and confidential data — so much so that, for the first time, half of all organizations across the globe currently report having an overall encryption strategy. 

However, despite its significance, this milestone also exposes gaps that are leaving enterprises vulnerable to serious threats and attacks, particularly in multi-cloud environments and when dealing with sensitive customer data saved on platforms such as cloud storage services.

According to the findings of the 2021 Entrust Global Encryption Trends Study, the 16th edition of the survey conducted in 17 countries including the UK, organizations experience a considerable disconnect between the recognized importance of customer data and the prioritization of encrypting this same information. 

While IT professionals rank protection of customer details as the most important reason to encrypt, the study finds it’s in fact fifth on the list of data types that enterprises encrypt (42 percent) — behind financial records (55 percent), payment-related data (55 percent), employee/HR data (48 percent), and intellectual property (48 percent).

The COVID-19 pandemic has also uncovered weaknesses in some enterprises’ data protection strategies. Financial services, for instance, became an even bigger target for fraud and other malicious activities like phishing — evidenced in complaints to the Consumer Financial Protection Bureau escalating in 2020 due to an increase in digital sales. 

Cybersecurity failure has also been classified as one of the top 10 risks in likelihood by the World Economic Forum, with increased cyberattacks on government agencies and companies. Fundamentally, by taking more operations online, organizations across all industries are inevitably putting themselves at a higher risk if unable to effectively encrypt their data.

In this context, and based on Entrust’s latest annual study, here are four key insights to help understand enterprise encryption in the present and how the landscape will evolve in the future.

1. More secure multi-cloud environments 

In navigating the pandemic and reorganizing entire work structures, including the shift to multiple clouds to enable remote work, organizations have been risking cyber threats of considerable proportions, brought on by a lack of knowledge of where their confidential data is stored, which leaves them unable to adequately protect it.

One of the largest gaps in protection is identified precisely here, in multi-cloud environments, with organizations currently using an average of eight different products that perform encryption. Furthermore, encryption keys for cloud services, including Bring Your Own Key (BYOK), are identified as being the most challenging to manage of all key types.

Not only is key management increasingly complex, but simply knowing where organizational data resides across on-premise, virtual, cloud and hybrid environments is an ongoing issue. As such, 65 percent of organizations report discovering where sensitive data resides to be, by far, the top challenge in planning and executing a methodical encryption strategy. 

Performance, management of encryption keys, policy enforcement and support for both cloud and on-premises deployment rank as the top valued features of encryption solutions. In fact, 45 percent of IT professionals rate unified key management across both multiple clouds and enterprise environments as important.

2. Increased deployment of hardware security modules (HSMs) 

According to two-thirds of respondents, the implementation of encryption applications coupled with HSMs is critical to an enterprise’s encryption and key management strategy. HSMs continue to serve traditional applications such as TLS/SSL, application encryption and PKI, and are also integral to other use cases, including container encryption/signing services, public cloud encryption including BYOK, secrets management, and privileged access management.

The study finds that, while on-premise HSM use in support of cloud applications has dropped during the COVID-19 pandemic (9 percent), HSM use is forecasted to reclaim ground and grow even more by 2022 (15 percent). This may hint at a gradual return to physical workspaces and a new reinforced cybersecurity approach as many aim to return to “business as usual”.

In the UK specifically, organizations have shifted from on-premise HSMs more than any other country and their overall HSM usage exceeds the global average by at least 10 percent in several categories, including application-level encryption, database encryption, PKI, and code signing.

3. Growing importance of secrets management 

As already noted, HSMs are integral for use cases including secrets management, which aims to protect the private pieces of information that act as a key to unlock protected resources or sensitive data in tools or applications.

Most importantly, secrets management now ranks as a top 10 — and growing — HSM use case because trust is essential when collecting authentication credentials, keys, and other secrets into a common repository. 

Similar to how the use of HSMs has grown for encryption, key management, and privileged access management, their use with secrets management solutions is a nod not only to the increased risk of collecting all this confidential data in one location, but also to the importance of enforcement of tight access controls and compliance auditing.

4. Mainstream adoption of encryption technology

Despite not expecting immediate changes when it comes to new encryption methods, multi-party computation remains the first solution that’s expected to reach mainstream adoption, with homomorphic encryption expected soon after — both predicted to be at least five years away. 

However, the study reveals IT professionals are somewhat more optimistic about the timing of quantum algorithms than they were in 2020, expecting to see them in just under eight years — six months earlier than previously anticipated. Blockchain technology, on the other hand, is farther up the curve, with more advanced current usage, and mainstream adoption expected on average in less than three years. 

While blockchain is currently used mainly as the foundation for cryptocurrency, enterprises envision use cases expanding to include cryptocurrency/wallets (59 percent), asset transactions/management (52 percent), identity (45 percent), supply chain (37 percent), and smart contracts (35 percent).

As the world continues to digitally transform, encryption technology, and the way enterprises use it, is more relevant than ever. While encryption and key management are complex, they are essential for enterprises to thrive amid expanding threats. Careful attention to key and data protection, and diligent discovery of new locations that sensitive data is finding its way to, are critical to a successful encryption strategy.

John Grimm
John Grimm is Senior Director of Security Strategy at Thales e-Security and leads the development of their Internet of Things (IoT) strategy.