ME expects growing adoption of encryption strategies

So how private is your data private and secured? This is the most critical question every business tries to deliberate on as the Middle East region seems to gain more traction when it comes to implementing a consistent data encryption strategy.
The region is seeing growing adoption of encryption strategies, with an increase of over 7 per cent since 2016 and IT operations are most influential in framing the direction of encryption strategy, at 32 per cent, according to Thales. The recently released results of the Middle East edition of its 2018 Global Encryption Trends Study, based on independent research by the Ponemon Institute and sponsored by Thales, explores encryption deployment trends in the Middle East, strategy and adoption of encryption to secure data within cloud applications, as well as threats, main drivers and priorities for the industry.

Harish Chib, vice-president for the Middle East and Africa at Sophos, said: "For any type of organisation, data has value and needs to be protected that may be customer information [names, e-mails, credit card information], internal finance or competitive information, employee information, intellectual property and more. Data loss continues to be a real concern for all organisations including for businesses in the UAE. No one anywhere in the world is immune, regardless of geography, size, or industry."
The Ponemon Institute surveyed more than 5,000 people across multiple industry sectors in the US, UK, Germany, France, Australia, Japan, Brazil, the Russian Federation, Mexico, India, Saudi Arabia, the UAE and Korea. The study reveals that only 34 per cent of respondents in the Middle East reported that their organisation has an encryption strategy applied consistently across their enterprise. This places the Middle East among the three lowest-ranking countries, alongside Mexico (30 per cent) and Russia (31 per cent), and 9 per cent below the global average of 43 per cent.
Nicolai Solling, CTO at Help AG Middle East, said: "SSL [secure sockets layer] encryption is the standard security technology for establishing an encrypted link between a web server and a browser. When this is performed, organisations lose the ability to make security decisions of the traffic in the browser, which means the firewalls, proxies and other solutions we buy are unable to detect threats. These threats could be a user communicating with an unacceptable website to them downloading a file which has virus. We have ways around it, but unfortunately it is only applied in a small subset of organisations."
At 55 per cent and 51 per cent respectively, employee/HR data and financial records are the two most commonly encrypted data types in this region. Interestingly, customer information has shown the sharpest increase over the past three years, rising from 25 per cent two years ago to 41 per cent this year.
James Lyne, head of research and development at the SANS Institute, said: "Encryption is one of the key critical controls to protect data anywhere in an enterprise's infrastructure, whether on a user's laptop, on a server, in the cloud or in transport between any of those places. The growing popularity of deploying encryption at the storage or database level when using AW or Azure to make sure you retain control over your data in a shared infrastructure. Encryption therefore has innumerable deployment points, all of which are extremely useful to UAE enterprises."
Organisations in the region continue to demonstrate a preference for control over encryption in the cloud and are actively implementing hardware security modules (HSMs) to safeguard their data against increasing security threats. The report also highlights the Middle East as a leader for HSM deployment across new applications including IoT, cloud access security brokers and blockchain, with the region ranking higher than the global average.
Philip Schreiber, regional sales director for the Measa at Thales eSecurity, said: "The Middle East is one of the most highly-digitised regions in the world, making it extremely vulnerable to cybersecurity threats. Despite a sharp increase in the migration of sensitive data to the cloud, still just 36 per cent of respondents in the Middle East had a consistent encryption strategy in place. Encryption strategy, coupled with hardware tools such as HSMs and proper key management, is vital to protecting sensitive data against cybercriminals and guarding against human error. Whilst we saw a marginal increase this year in its implementation, it's clear there's still a lot of improvement needed in this region to safeguard critical applications." - sandhya@khaleejtimes.com