Many businesses understand the importance of protecting data at the application layer but only do so for data that’s at rest. In-use data, on the other hand, is often unprotected, placing such businesses at unnecessary risk.
This is according to a new report from Entrust, published together with application-level protection company Prime Factors. Polling 600 IT professionals in both the UK and the US for the report, the two companies found that many are worried about sensitive data being unprotected in use at the application layer, and plan to take “extensive action” in the next 12 months.
Currently, less than a quarter (24 percent) use techniques that protect data in the applications they control. For the next 12 months, however, nearly all respondents (96 percent) plan on adding things like encryption, data masking, security audit logging, and tokenization.
But it’s harder than it seems – many are worried about the complexity of implementing these mechanics, and of all the different challenges ahead, cryptographic key management seems to be the biggest one.
The report also found that ‘generating and storing cryptographic keys securely’ was the toughest thing about cryptographic key management.
“Organizations can no longer afford to underestimate or poorly implement application-level encryption,” said John Grimm, Vice President of Strategy at Entrust. “Whether organizations are managing fully automated, high-volume applications or tightly supervised, low-volume applications, it’s imperative that business leaders and IT teams prioritize deploying application-level encryption and data protections.”