Cut through the hype of enterprise data encryption

Encryption is experiencing growing interest and scrutiny. It is increasingly positioned as a technology that addresses the triple threat driving the security landscape:

  1. Supporting regulatory compliance
  2. Counter-acting the continually evolving threat landscape
  3. Limiting enterprise exposure to the risk posed by digital transformation

Ideally, enterprise data encryption would be a hygiene behavior, perceived as a fundamental activity. However, the uptake of encryption has not matched the expectations of many vendors and commentators. Encryption is a well-established technology, a $1.5 billion market according to IDC’s research, so why is it not broadly adopted by everyone?

Encryption – A technology issue?

This gap between the perception and adoption of encryption arises from a security/usability imbalance. While encryption makes it tougher for threat actors to compromise enterprise data, it can also obstruct genuine user access. For example, encrypted data may not be usable within data analytics tools. This makes encryption adoption a question of risk appetite. What does the board fear most: a loss of IP through non-encrypted data compromise, or a loss of market share due to lack of digital transformation? The difficulty of resolving this imbalance often drives the latter response. So, what can be done?

From a technological perspective, an important step is recognizing that encryption is not a total solution for enterprise data privacy and security. It is important, but it must be accompanied by, for example, key management solutions (or services). Pervasive encryption is an example of how technology vendors can help enterprises address the problem. This is built into IBM Z, IBM’s mainframe systems, at the operating system level. With encryption of data at rest built in to the mainframe, enterprise leaders need not worry about which data to encrypt at the application level. For more detail, check out these recent test results on the impact of Pervasive Encryption on IBM Z performance at one of IBM’s banking clients.

However, not all enterprises are at this level of technology maturity. In these cases, there are organizational obstacles to address first.

Encryption – A human issue?

In a recent encryption Crowd Chat co-hosted by IBM and IDC, many participants' pain points related more to people and process than to technology. In fact, there were three focus areas: culture, leadership and process.

In IDC’s opinion, culture is the most nebulous issue, but the most critical in building consensus around encryption deployment. It relates not just to a culture of data encryption, but to one that strives for security excellence. Only then will there be a breeding ground for concepts like pervasive encryption beyond niche data silos.

On leadership, Crowd Chat attendees wondered “Who is the right person to champion encryption?” However, for IDC the question should be framed differently: “Who in my enterprise has sufficient understanding and influence to drive a consistent approach to encryption?” This cannot be pre-determined with set job roles, and must account for organization specifics.

Regarding process, attendees wondered “What data should we encrypt?” Given the security/usability imbalance, pervasive encryption is a continuous journey, not a destination. Enterprises ought to start small, focusing on the most sensitive data. From here, encryption can be expanded, driven by the “champion”. Considerations should include the nature or classification of data, government requirements, regulatory compliance and responsibilities towards the stakeholders whose data is held.

Call to action

Encryption cannot be promoted as a panacea for data privacy and security. But more can be done to support broader adoption across the enterprise. Business decisions are taken based on risk, highlighting the usability/security imbalance, but decision-makers must hold all the facts. For example, with the EU’s General Data Protection Regulation approaching, can enterprises afford not to encrypt personal data?

IDC proposes five enabling factors for encryption:

  1. Handle encryption within a broader product environment, not a standalone solution.
  2. Identify the right encryption champion for your enterprise.
  3. The encryption champion must work in step with a broader security culture evolution.
  4. Start small with encryption – don’t bite off more than you can chew.
  5. Build a process to identify what data to encrypt, based not just on compliance but also on brand values and responsibilities to stakeholders.

From time to time, we invite industry thought leaders to share their opinions and insights on current technology trends to the IBM Systems IT Infrastructure blog. The opinions in these blogs are their own, and do not necessarily reflect the views of IBM.

Research Manager, IDC European security research team
