Study on enterprise encryption trends in Australia

The key findings of the 2008 Annual Study: Australian Enterprise Encryption Trends demonstrate organisations continue to move towards a more strategic approach to encryption including a larger focus on key management, especially those companies identified as having the most effective IT organisations.  The study supports the same trend that is occurring throughout other world markets: as the awareness of data breaches grows and the likelihood of government action increases, businesses will most certainly increase their use of encryption.

The study shows that 56 percent of organisations surveyed suffered at least one data breach over the last 12 months with 28 percent of organisations suffering two or more breaches during the same time period. However, an emerging trend appears to show that organisations with an enterprise encryption strategy lowering the rate of data breaches. This demonstrates that an encryption strategy, especially one implemented across the enterprise, can reduce the costs and brand damage associated with data breaches and likely leads to a more profitable business.

The study of nearly 405 Australian-based IT and business managers, analysts and executives (27 percent at the director or higher), identifies a new trend that shows organisations with a more strategic, enterprise-wide approach to encryption have experienced fewer data breaches. In response to increasing demands for data security, nine percent of organisations surveyed now have an encryption strategy applied consistently across the organisation.

Other key findings in the Australian research report include:

1. Encryption use across multiple applications grows.

Respondents reported the consistent encryption of laptops, emails, file servers, and backup tapes varied across applications. In the wake of publicised data breaches, tape backup and laptop encryption were used most often, with 30 percent and 20 percent of organisations respectively using these encryption methods most of the time, while only seven per cent of organisations surveyed used email or file server encryption.

2. Key management is more frequently budgeted for in 2008 as organisations seeking to reduce operational costs prefer to choose just one enterprise vendor. 

Organisations surveyed on average plan to spend 27 percent of their total encryption budget on key management solutions:

– 62 percent of organisations expect their key management investments to reduce the overall operational costs of enterprise data protection.
– Eight percent of organisations expect key management to increase the operation cost of enterprise data protection

3. Organisations are seeking a platform approach.

Respondents were interested in a platform approach, with at least 56 percent rating five fundamental characteristics as important or very important. As described in the survey, a platform enables an organisation to centrally manage and deploy multiple encryption applications with consistent policy enforcement. Respondents from the most effective security organisations were much more interested in a platform strategy than those from less effective organisations.

4. Need for single enterprise encryption vendor begins to emerge.

While encryption use across applications varies significantly, organisations are beginning to select a single enterprise vendor for their key management needs. The survey showed some 25 percent of organisations expect to deploy a single enterprise-wide key management solution or deploy a single vendor’s key management solution for different purposes in 2008. Twenty-two percent of organisations are seeking a tactical key management solution for just one encryption application.

Finding that organisations with enterprise-wide encryption strategies are reducing the risk of data breaches and organisations overwhelming prefer a platform approach to encryption is significant in the evolution of data security. The increased interest in automated policy enforcement, single administration interface, and comprehensive key management continue to favour adoption of an encryption platform solution. The preference for adopting this approach to managing multiple encryption applications from a single console continues to mirror the progression seen with other important enterprise applications such as ERP and CRM.

The inaugural Australian study comes after the Ponemon Institute published the second annual report covering Encryption Trends in the United States earlier this year.