New survey reveals many companies do not encrypt data in use, but plans are in the works to address this security gap.
The majority of data breaches today are occurring at the application layer where sensitive information is more exposed and susceptible, however a joint research survey with Entrust revealed that less than 25 percent of respondents are actually applying data protection at the application layer, instead relying on data-at-rest encryption. The challenge is that data-at-rest encryption only really secures data when it remains at rest. When an authorized application requests the data, it is decrypted and passed to the application in the clear, leaving sensitive data-in-use vulnerable – kind of like having an insurance policy that only covers your car while it is parked in your driveway but not while it is being used. This does not make sense to us, and it appears that the sentiment is shared. Broad concern was expressed by the respondents of the survey, which included 600 IT professionals from the US and the UK, 85% of which reported being somewhat or very concern with unprotected sensitive data at the application layer.
But protecting data at the application layer is complex and challenging. When asked about the top challenges for implementing application-level data protection, respondents ranked 11 different items among the hardest. Challenges with managing cryptographic keys and consistently applying data protection policies, especially across multiple applications, were among the higher rated responses. However, no single answer received a majority of responses, highlighting how broadly challenging it can be to secure data in applications.
These results buttress what most industry experts already know about the traditional approach to application-level data protection, in which cryptographic functionality is interwoven into applications to secure data at its point of creation – it’s hard. Compound this challenge with the need for multiple applications to access the same encrypted data, perhaps across multiple operating systems and multiple cloud environments, and it becomes exponentially more complex and time consuming to implement. However, this is exactly what the joint solution from Prime Factors and Entrust addresses – hardened application-level data protection simplified.
Perhaps the most surprising of the survey results was that 96 percent of respondents reported that they plan to implement specific application-level data protection functionality within the next 12 months. These numbers number are astounding, given how relatively little adoption application-level data protection has had to date, however, with evolving regulations and standards, along with ongoing breaches, perhaps it should be expected. As the move to better protect data at the application layer continues, companies will look to simplify protecting data wherever it is used, moved, or stored.
Register Now to join us this week for a joint webinar with Entrust on Wednesday, June 9th at 11am, as we explore the survey results, discuss the nuances and challenges of application-level data protection, and highlight architecture and approaches that can help simplify protecting data where it is most at risk.
Request a copy of the 2021 Application-Level Data Protection Survey Summary of Findings.