While most businesses understand they should be encrypting customer data, the reality is a little different, according to a new report from the Ponemon Institute.
The report states that most organizations consider encrypting customer data the most important security practice. However, businesses are more likely to encrypt financial records, payment-related data, employee/HR data, and intellectual property instead.
The Ponemon Institute also spotted a shift the motivation behind data encryption. Instead of compliance, which until recently was ranked as the main priority, enterprises are now more motivated by the need to protect customer information or protect against specific threats. Furthermore, they also want to safeguard their intellectual property.
Despite the fact that many organizations (50 percent) have an encryption strategy that is applied consistently, they struggle to encrypt data in multi-cloud environments. For this reason, unified key management across both multiple clouds and enterprise environments is considered pivotal.
Key management is increasingly complex, the report states, with simply knowing where organizational data resides across on-premise, virtual, cloud and hybrid environments being an ongoing issue. As a result, two-thirds (65 percent) of organizations claim locating sensitive data is the top challenge, when it comes to planning and executing a methodical encryption strategy.
“Breaches of personal information strike at the heart of the relationship between enterprises and their customers. Encryption is at the foundation of data protection, and when organizations don’t prioritize protecting customer personal information, they raise enterprise risk of lost business and reputation,” said John Grimm, VP Strategy at Entrust.