Security : Technology : Data Protection : Rights Management
Only One in Five Companies Are Encrypting Data in Virtual Environments
March 27, 2014 11:45 AM
Strong Security Measures, Including Encryption and Key Management, Are Prerequisites for Businesses to Move Forward with Data Center Consolidation Initiatives
President and Chief Executive Officer
Security concerns are preventing businesses from unlocking the potential benefits of data center consolidation and cloud services, according to new research from SafeNet, Inc., a global leader in data protection. The research, which is based on a global survey of approximately 600 security and IT executives, found that while nearly three-quarters of IT professionals view data center consolidation as important (75 percent EMEA; 73 percent NORAM; 63 percent APAC), more than half (51 percent) have no consolidation plans in place (46 percent EMEA; 49 percent NORAM; 71 percent APAC) and only a quarter have completed consolidation projects.
The survey results illustrate that security challenges, with regard to addressing encryption and key management needs, may be contributing factors to the slower progress in consolidation efforts, including moving workloads from physical machines to virtualized systems. Specifically, of those who view data center consolidation as important, 62 percent said their biggest worry was losing control of cryptographic keys (68 percent EMEA; 65 percent NORAM; 59 percent APAC). This sentiment indicates that strong encryption and secure management of keys are critical prerequisites to data center consolidation and cloud migration.
In fact, only one-fifth (21 percent) of respondents indicated that they are currently doing any encryption in their virtual environments (23 percent EMEA; 22 percent NORAM; 16 percent APAC). As well as encryption and managing cryptographic keys being technically challenging for IT professionals, these survey results also suggest that businesses do not have the required staffing levels in place to support a consolidation project. Nearly 60 percent of respondents said they had less than five people involved in encryption management globally. In addition, nearly one-third (27.5 percent) said they had more than 10 business applications that required encryption.
“The adoption of new technologies—such as big data, mobility, and cloud-based services—has pushed data center consolidation to the top of the priority list for many businesses. Yet it is clear that security concerns combined with a lack of resources are hampering the progress of such transformations,” stated Prakash Panjwani, senior vice president and general manager, SafeNet.
“Any shift in infrastructure can be daunting for IT professionals, however with data now stored across a hybrid IT landscape—including on-premises, on mobile devices, and in the cloud—security teams need to move away from traditional approaches and adopt new encryption technologies that support today’s dynamic data center and service provider environments,” Mr. Panjwani continued.
Looking specifically at current security processes for managing cryptographic keys, the research revealed that:
- Almost three-quarters (74 percent) have at least some encryption keys in software (74 percent EMEA; 76 percent NORAM; 69 percent APAC) – leaving the door open to attackers.
- Less than one in ten (8.3 percent) secure their keys solely in hardware (8 percent EMEA; 7 percent NORAM; 14 percent APAC).
- Just under one-fifth (18 percent) didn’t know where their keys were stored (17 percent EMEA; 16 percent NORAM; 17 percent APAC).
- Less than half of respondents (45.6 percent) manage cryptographic keys centrally (41 percent EMEA; 43 percent NORAM; 45 percent APAC). This sets the stage for inefficiency, overlapping efforts, inconsistent policy enforcement, and difficulty in auditing.
“Encrypted data is only as secure and available as the keys used to encrypt it, so businesses need to ensure they are getting their key management strategies right. By deploying a multi-layer encryption and centralized key management strategy, and leveraging hardware for key management and storage, organizations can accelerate their cloud, virtualization, and consolidation initiatives while also retaining control over their sensitive data,” concluded Prakash Panjwani, SafeNet.
The research from SafeNet polled more than 580 individuals across more the 50 countries globally. Respondents comprised of security and IT executives from a range of industries, including financial services, healthcare, technology, media, consumer packaged goods, retail, and more.
SafeNet data protection solutions provide multi-layer encryption with centralized key management and storage. SafeNet delivers the comprehensive encryption platforms that enable security professionals to safeguard sensitive data in data centers, virtualized data centers, and private and public clouds.
SafeNet enables customers to encrypt sensitive data at the storage, file, virtual instance, database, and application layer, while managing encryption security policies and encryption keys centrally. In addition, SafeNet supports format-preserving tokenization for a wide variety of data types. Through this multi-layer approach, SafeNet enables organizations to:
- Separate administration of systems and applications from the data stored or processed within these infrastructure layers, ensuring privileged users can’t see sensitive data.
- Take advantage of lower-cost operational models while consistently enforcing security policies.
- Centralize encryption management across physical, virtual, and public cloud environments, and efficiently deliver detailed logs and compliance reporting for internal and external auditors.
- Employ key vaulting and secure cryptographic resources, both in data center and multi-tenant environments, in order to retain full ownership and control of their encryption service.
With these capabilities, organizations can institute a defense-in-depth strategy that delivers high levels of security for sensitive data, regardless of where it resides—even if there’s been a breach of other controls.
Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet’s data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance.