IT professionals in the Middle East are increasingly adopting encryption to protect customer personal information, driven by the acceleration of digital initiatives such as cloud, the internet of things (IoT), and 5G networks, and rising data volumes and types. These are some of the findings from the 2020 Middle East Encryption Trends Study from the Ponemon Institute and Entrust.
Threats, drivers and priorities
Protecting consumer personal information is the top driver for deploying encryption in the Middle East region (67% of respondents), 13% higher than the global average. This outranks the need to protect intellectual property (59%), protect information against specific identified threats (40%) and comply with external privacy or data security regulations (34%).
Employee mistakes continue to be the biggest threat to sensitive data (60%) and significantly outweigh concerns over attacks by hackers (32%) or malicious insiders (19%), but the threats posed by hackers has increased from 25% in 2019.
Data discovery the number one challenge
With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 63% of respondents in the region citing this as their top concern, an increase from 58% last year. And that is likely to increase, with a pandemic-driven surge in employees working remotely, using data at home, creating extra copies on personal devices and cloud storage.
Blockchain, quantum and adoption of new encryption technologies
The study indicates that 78% of respondents in the Middle East have adopted an encryption strategy which is either enterprise-wide or limited to particular deployments. This is lower than the global average of 87%.
With encryption deployment a clear focus, how are organizations looking ahead?
In the near term, 51% of respondents plan to use blockchain, with cryptocurrency/wallets and asset transactions cited at the top use cases. Other much-hyped encryption technologies are not on IT organizations’ near-term radar. Most IT professionals see the mainstream adoption of multi-party computation at least five years away, with mainstream adoption of homomorphic encryption more than six years away, and quantum resistant algorithms over eight years out, all of which are in line with global trends.
Trust, integrity, control
The use of hardware security modules (HSMs) continues to grow faster in the Middle East than in any other region. This year 68% of respondents reported using HSMs to protect their encryption keys (up from 50% in 2019), tied for the top region with Germany and the US.
HSM usage is no longer limited to traditional use cases such as public key infrastructure (PKI), databases, application and network encryption (TLS/SSL). The top use cases for HSMs in 2020 in the Middle East are public cloud encryption (47% – compared to 35% globally), application-level encryption (44%) and to protect administrative access to Privileged Access Management solutions (38% – the highest rate worldwide).
The race to the cloud
Sixty percent of respondents say their organizations currently transfer sensitive or confidential data to the cloud and 27% of respondents plan to do so in the next 12 to 24 months. The region also rates support for cloud and on-premises deployment (92%) as the most important feature associated with encryption solutions, far ahead of the global average of 67%.
Other key trends include:
• Financial records (54%) and intellectual property (52%) are the most common types of data encrypted by Middle East organizations
• The region continues to be ahead of the curve in terms of deploying encryption for several notable use cases: Docker containers, 44% (12% above the global average); Internet of Things (IoT) devices, up a total of 12% over the last two years and ahead of the global growth rate of 7% over the same period.
• Organizations in the Middle East use HSMs more than any other region for two notable use cases: To protect administrative access to Privileged Access Management (PAM) solutions (38%) and Internet of Things (IoT) root of trust (30%).
• The Middle East continues to rate training users to use encryption appropriately as a challenge more than most regions (21% vs. global average of 14%), continuing a 3-year trend.