Although there is much in the news about external threats to sensitive data, the biggest concerns among businesses are human error and system or process malfunctions.
New research from nCipher Security and the Ponemon Institute as part of its 2019 Global Encryption Trends Study found that employee errors are by far the biggest threat to sensitive data, with 54 per cent of respondents citing this as a worry. System malfunctions, meanwhile, are a concern for 30 per cent of those questioned.
External hackers were also named as a threat by 30 per cent of those surveyed, while malicious insiders were named by 21 per cent.
It’s clear that focusing on reducing system errors is an area that more businesses should consider concentrating on, if it’s such a big concern and potential threat to their data security.
The challenge when developing these solutions is that many want them to cover both in-house and cloud deployments.
In fact, 68 per cent of respondents said that they want an encryption solution that covers both of these scenarios. When it comes to these solutions, the three most important features were named as enforcement of policy, system performance and latency, and support for cloud and on-premises deployment.
Testing any solutions during their development phase and subsequent deployment is vital if developers are to improve the performance and latency of the systems they’re building and introducing.
By building quality in at an early stage in the process, and continuing to hone this, businesses will end up with a more robust and comprehensive encryption solution that’s tailored to their organisation. The idea is to manage and then assess the journey.
Testing to identify weaknesses in the system and then to fix them could also bring greater peace of mind to companies using encryption technology. Almost half (42 per cent) of respondents said that initially introducing encryption technology was a “significant challenge”
There will also be different needs depending on whether you’re deploying encryption technology for the cloud or an on-premises system.
The survey identified support for the KMIP standard as the most important cloud encryption feature, with 73 per cent naming this feature. SIEM integration and granular access controls were the other top features companies are looking for.
Meanwhile, the research also found that the use of hardware security modules (HSMs) climbed to its highest ever level. The use of HSMs increased six per cent year-on-year, reaching 47 per cent overall.
The main use cases for this technology were application level encryption, TLS/SSL and database encryption.
This too is an area that needs to be thoroughly tested to improve the processes for accessing and securing sensitive data. Given that 61 per cent of respondents said that the pain of encryption key management was at seven or higher on a ten-point scale, there is clearly room for improvement in this area.
A formal key management policy, formal key management structure and a manual process were picked out as the most commonly deployed key management systems.
Improving your software quality process could help alleviate some of the pain points when it comes to encryption and data protection. Talk to us about our software quality management services today.
Leave a Reply