Data at risk as firms go digital
Close to 94% of companies use sensitive data in cloud, big data, Internet of Things (IoT), container, blockchain or mobile environments, says digital information systems firm Thales.
Digital transformation is driving efficiency and scale and making new business models possible. Enterprises are embracing this opportunity by leveraging digital technologies at record levels. Close to half of organisations use more than 50 softwareas-a-service apps, 57% use three or more infrastructure-as-a-service vendors, and 53% use three or more platform-as-a-service environments.
Of these, 99% are using big data, 94% are implementing IoT technologies, and 91% are working on or using mobile payments, according to the 2018 Thales Data Threat Report.
In 2018, 67% of respondents were breached, a marked increase from 2017, which saw 26% breached. Given the increased number of attacks, 44% of respondents feel “very” or “extremely” vulnerable to data threats.
Security strategies have lagged behind technological changes, in part because of budget constraints. Nearly 77% of respondents say data-at-rest security solutions are most effective at preventing breaches, with network security (75%) and data-in-motion (75%) following close behind.
But 57% of respondents are spending the most on endpoint and mobile security technologies, followed by analysis and correlation tools (50%). Furthermore, companies are failing to secure data that they don’t work with on a daily basis, with data-at-rest security solutions coming in at the bottom (40%) of IT security spending priorities.
This disconnect is also reflected in attitudes towards encryption, a key technology with a proven track record of protecting data. Respondents still express a strong interest in deploying encryption technologies, even if they don’t spend enough on it.
Close to half say encryption is the top tool for increased cloud usage. More than a third believe encryption is necessary to drive big data adoption. More than 48% cite encryption as the top tool for protecting IoT deployments, and 41% as the top tool for protecting container deployments.
Encryption technologies top the list of desired data security purchases in the next year, with 44% citing tokenisation capabilities as the No.1 priority, followed by encryption with bring-your-own-key (BYOK) capabilities. Encryption is also cited as the top tool (42%) for meeting new privacy requirements such as the European Union General Data Protection Regulation (GDPR).
Organisations are dealing with massive change as a result of digital transformation, but this change is creating new attack surfaces and new risks that need to be offset by data security controls. Security strategies, however, have not changed.
“Security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk,” said Garrett Bekker, principal security analyst for information security at 451 Research.
Peter Galvin, chief strategy officer of Thales eSecurity, said: “We’re now at the point where we have to admit that data breaches are the new reality, with over a third of organisations suffering a breach in the past year.”
In order to offset the data breach trend, companies must leverage encryption and access controls as a primary defence for data and consider an “encrypt everything” strategy. They should select data security platform offerings that address multiple-use cases to reduce complexity and costs, and implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use.