Ponemon 2011 Global Encryption Trends Study – Sponsored by Thales
The Ponemon Institute is pleased to present the findings of the 2011 Global Encryption Trends Study, sponsored by Thales e-Security. We surveyed 4,140 business and IT managers in the United States, United Kingdom, Germany, France, Australia, Japan and Brazil. The purpose of this research is to examine how the use of encryption has evolved and its impact on the security
posture of an organization. The first encryption trends study was conducted in the US in 2005. Since then we have expanded the scope of the research to include countries in various regions of the globe.
In our research we consider the threats organizations face and how encryption is being used to reduce these risks. For the first time we profile organizations according to their level of awareness about security issues and the actions taken to address these issues. Based on this profile, we are able to demonstrate the role encryption plays in helping an organization create a strong security posture.
In this year’s study we asked questions about risk management, standards of due care for crypto deployment, tokenization practices, migration to the cloud, data breaches their organization experienced and effectiveness of their company’s IT security and data protection efforts. Following is a summary of our most salient findings. More details are provided for each key finding listed below in the next section of this paper.
We believe the findings are important because they demonstrate the relationship between encryption and a strong security posture. As shown in this research, organizations with a strong security posture are more likely to invest in encryption and key management to meet their security missions. Characteristics that we believe indicate a favorable orientation to encryption
High awareness and high action index values. Organizations that understand the threats
against them are more likely to have a strategy to reduce those threats.
Place a high level of importance on data protection activities as an integral part of their risk management efforts.
Have a formal encryption strategy that spans the entire enterprise.
Attach a high level of importance to the automated key management and encryption of data.
Are more likely to dedicate a larger proportion or share of their IT security budget to encryption and key management solutions.
Show a high level of awareness and acceptance of established deployment best practices – what we have called “standards of due care.”
Are more likely to favor a one unifying solution to encryption key management across the enterprise.