The Sookasa Blog

Most companies deploy encryption for compliance, study finds

As data breaches become increasingly commonplace, companies have increasingly turned to encryption technology to keep their data secure. A new study published by the Ponemon Institute surveyed 5,000 companies to see exactly why companies are adopting encryption solutions. The largest adoption driver—at 61 percent—was the need to comply with federal regulations such as HIPAA, FERPA, PCI DSS, and others.

The fact that such a large number of companies are pursuing secure compliance options is reassuring, especially because companies have for years sacrificed security in order to check off compliance boxes, sometimes with little awareness that compliance does not necessarily equal security. Deploying encryption technology for PHI is a great step in the right direction for healthcare organizations to be both compliant and secure.

Nearly 50 percent of survey respondents also said that they used encryption specifically for protection: to protect intellectual property, information against specific threats, and customers’ personal information. (Respondents were allowed to choose more than one driver.) Other reasons for deploying encryption included limiting liability from breaches, reducing the scope of compliance audits, complying with internal policies, and avoiding public disclosure after a data breach.

The survey also revealed that the presence of enterprise-wide encryption strategies has more than doubled since 2005. What’s more, in 2005, 38 percent of companies didn’t have an enterprise-wide encryption strategy; now, only 15 percent don’t have one.

All in all, the trends emerging from this new study are positive and show enterprise security moving in the right direction. However, as encryption solutions evolve and become increasingly ubiquitous, complications inevitably begin to arise. One of the problems with encryption is that as more apps and SaaS platforms use encryption, the harder they become to keep track of and control. About 50 percent of survey respondents named this management difficulty as a major pain point.

Still, managing encryption technology should not be an obstacle to adopting it. Already, solutions such as Cloud Access Security Brokers (CASBs) are making an impact at companies trying to manage all of their data. In addition to providing unprecedented visibility into company data, CASBs also provide a centralized location from which to manage all SaaS platforms a company is using and all of their security measures, including encryption.

It’s laudable that enterprises are widely stepping up their security game and making encryption the norm, and hopefully logistical obstacles won’t stand in the way of adopting new technology. If enterprises considering encryption adopt CASBs—and hold on for any other solutions that emerge to make encryption even easier—data is going to be much safer and much easier to manage.