Report: Data Encryption Deficiency Responsible for Sensitive Data Loss

Fortanix, a data security company and pioneer of Confidential Computing, revealed the results of a new study conducted by Enterprise Strategy Group (ESG): “Operationalizing Encryption and Key Management.”

Among the findings, it was noted that a lack of encryption is the primary contributor to sensitive data loss, even though confidence in cryptographic capabilities is strong. At the same time, encryption is pervasive and on the rise for data at rest, in motion, and in use.

The study surveyed nearly 400 IT, compliance, DevOps and cybersecurity professionals involved with encryption and data security technologies and processes across the U.S. and Canada. All respondents were from either large or mid-market organizations within industries such as manufacturing, financial, technology and healthcare.

The survey found that 90 percent of respondents agreed that encryption has a positive impact on the various facets of their network security, data security and overall security, with more than 50 percent saying it has a significantly positive impact in each of these areas. The report also uncovered that businesses want to encrypt their data but often do not know how. A lack of adequate cybersecurity staff and expertise leads to confusion around where and when to apply encryption, management complexities and difficulty assessing cyber-security. Similarly, a lack of encryption remained the top reason for data loss for almost 33 percent of the respondents, and 25 percent experienced data loss due to policy violations such as small key size.

Other learnings included:

• More than two-thirds (76 percent) of respondents are aware of post-quantum cryptography (PQC), including 37 percent already actively testing it and 14 percent currently using it . Costs, budgets, and staffing are the biggest limitations in PQC adaptation.
• Roughly 81 percent of respondents said their organizations have dedicated teams to handle encryption, key management and certificate management, with 63 percent of those reporting directly into the C-Level.
• Key management systems, data loss prevention, and hardware security modules are the top three security technologies used by respondents to secure their organization’s data. Fewer than a quarter (24 percent) currently have a single unified key management system in place, although that is expected to grow to 50 percent soon. Meanwhile, distributed or federated key management system usage will shrink from 74 percent to 47 percent.

“More than 80 percent of organizations say they have begun or have implemented zero trust technology, but the survey also revealed that they don’t always know where to turn when looking to implement the highest level of data security,” said Anand Kashyap, co-founder and CEO of Fortanix. “The truth is, most enterprises lack complete control over encryption keys, creating significant risk. It’s paramount these organizations adopt a paradigm shift towards a data-centric security strategy with full visibility and control over their encryption assets.”

The report is available here.