IT professionals in the Middle East are increasingly adopting encryption to protect customer personal information, driven by acceleration of digital initiatives such as cloud, the internet of things (IoT), and 5G networks, and rising data volumes and types. These are some of the findings from the 2020 Middle East Encryption Trends Study from the Ponemon Institute and Entrust.
Threats, drivers and priorities
Protecting consumer personal information is the top driver for deploying encryption in the Middle East region (67% of respondents), 13% higher than the global average. This outranks the need to protect intellectual property (59%), protect information against specific identified threats (40%) and comply with external privacy or data security regulations (34%).
Employee mistakes continue to be the biggest threat to sensitive data (60%) and significantly outweigh concerns over attacks by hackers (32%) or malicious insiders (19%), but the threats posed by hackers has increased signicantly from 25% in 2019.
Data discovery the number one challenge
With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 63% of respondents in the region citing this as their top concern, an increase from 58% last year. And that is likely to increase, with a pandemic-driven surge in employees working remotely, using data at home, creating extra copies on personal devices and cloud storage.
Blockchain, quantum and adoption of new encryption technologies
The study indicates that 78% of respondents in the Middle East have adopted an encryption strategy which is either enterprise-wide or limited to particular deployments. This is lower than the global average of 87%.
With encryption deployment a clear focus, how are organizations looking ahead? In the near term, 51% of respondents plan to use blockchain, with cryptocurrency/wallets and asset transactions cited at the top use cases. Other much-hyped encryption technologies are not on IT organizations’ near-term radar. Most IT professionals see the mainstream adoption of multi-party computation at least five years away, with mainstream adoption of homomorphic encryption more than six years away, and quantum resistant algorithms over eight years out, all of which are in line with global trends.
Trust, integrity, control
The use of hardware security modules (HSMs) continues to grow faster in the Middle East than in any other region. This year 68% of respondents reported using HSMs to protect their encryption keys (up from 50% in 2019), tied for the top region with Germany and the US.
HSM usage is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL). The top use cases for HSMs in 2020 in the Middle East are public cloud encryption (47% – compared to 35% globally), application-level encryption (44%) and to protect administrative access to Privileged Access Management solutions (38% – the highest rate worldwide).
The race to the cloud
Sixty percent of respondents say their organizations currently transfer sensitive or confidential data to the cloud and 27% of respondents plan to do so in the next 12 to 24 months. The region also rates support for cloud and on-premises deployment (92%) as the most important feature associated with encryption solutions, far ahead of the global average of 67%.
“Consumers expect brands to keep their data safe from breaches and have their best interests at heart. The survey found that IT leaders are taking this seriously, with protection of consumer data cited as the top driver of encryption growth for the first time,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Organizations in the Middle East are deploying encryption faster than global averages. The increased focus on cloud security and preference for encryption solutions that support both cloud and on-premises deployments underline a high level of awareness, but there is an urgent need to build a strong encryption strategy that can be applied enterprise-wide.”
Philip Schreiber, Regional Sales Director-Data Protection Solutions, for Entrust added: “Organizations are under relentless pressure to deliver high security and seamless access to their customer data, business critical information and applications, while ensuring business continuity. The 2020 Global Encryption Trends Study shows the Middle East’s focus on protecting customer information and intellectual property to be much higher than the global average, which is laudable and shows the region setting benchmarks in this regard.”
Other key trends include:
- Financial records (54%) and intellectual property (52%) are the most common types of data encrypted by Middle East organizations
- The region continues to be ahead of the curve in terms of deploying encryption for several notable use cases: Docker containers, 44% (12% above the global average); Internet of Things (IoT) devices, up a total of 12% over the last two years and ahead of the global growth rate of 7% over the same period.
- Organizations in the Middle East use HSMs more than any other region for two notable use cases: To protect administrative access to Privileged Access Management (PAM) solutions (38%) and Internet of Things (IoT) root of trust (30%).
- The Middle East continues to rate training users to use encryption appropriately as a challenge more than most regions (21% vs. global average of 14%), continuing a 3-year trend.