A recent report by Thales (a Galaxkey partner), compiled using information gathered from 1200 senior IT executives from numerous industries worldwide including: automotive, energy, government, financial services, healthcare, IT, manufacturing, retail, and telecommunications shows that 94% of organisations process sensitive information in cloud, big data, IoT, container, blockchain and/or mobile environments. This is resulting in incidents of data breaches at record high levels throughout industries and globally.
Businesses are embracing new environments, new ways of working and new innovative and transformational technologies, across all sectors, to drive efficiency and scalability which is necessary for the needed growth advancements. Thus, organisations are eagerly adopting digital tech that encourages this.
This movement to a more data-driven world is dependent on data processing and data breaches are more prevalent than ever before because of this fundamental change. This will only continue as new environments create additional vectors for attack and security risks increase, leaving data vulnerable (as well as organisations, their customers and clients) to the increased incidents of attack and the breach of data.
Cyber-attacks are becoming more frequent and combined with data privacy requirements and regulations, that organisations are facing, to protect their data and reduce data risk makes the need to prioritise data security very clear. However, from the results, it seems that some organisations may be going about it in the incorrect way, which may not be as beneficial to their security posture as they’d like it to be.
A summary of the findings can be seen below:
Work practices now involve: Cloud, IoT, applications, mobile technologies, big data and third parties
- 42% of organisations use more than 50 SaaS applications
- 57% of organisations use three or more IaaS vendors
- 53% of organisation use three or more PaaS environments
- 99% of organisations are using big data
- 94% of organisations are implementing IoT technologies
- 91% of organisations are working on or using mobile payments
So, organisations are processing large volumes of sensitive data and processing it in environments outside of their physical networks. They are entrusting data to third parties and cloud usage is growing. The potential for increased security risk is high if this data is not properly secured and managed.
Data breaches are increasing across all industries
- 67% of respondents were breached of which 36% were breached in the last year. This is an increase from the 26% breached in the year prior to that.
So, data breaches are becoming more frequent and commonplace across all industries worldwide.
Outlook on security
- 77% of respondents perceive data-at-rest security solutions as the most effective breach preventative measure
- 75% perceive network security solutions as the most effective breach preventative measure
- 75% perceive data-in-motion solutions as the most effective breach preventative measure
Data needs to be protected at all stages: at rest, in transit and in storage. Data needs to be protected wherever it travels and this is why a data-centric solution to protect the data itself is so important.
- 57% of respondents are spending the most on end-point and mobile security technologies
- 50% are spending the most on analysis and correlation tools
- 40% are spending the most on data-at-rest solutions
Encryption seems to be the driver for change
- 44% mention encryption as the top tool for increased cloud usage
- 35% believe encryption is necessary to drive big data adoption
- 38% believe identity technologies are necessary to drive big data adoption
- 36% believe improved monitoring and reporting tools are needed for big data adoption
- 48% believe encryption to be the top tool for protecting IoT deployments
- 41% believe encryption to be the top tool for protecting container deployments
Encryption is seen as the preferred security purchase in 2018
Encryption is also cited as the top tool for meeting new privacy requirements such as the European Union General Data Protection Regulation (GDPR).
Security strategies need to shift to those that protect the data itself if organisations are to properly protect customer data and other personal and sensitive information. Presently organisations are leaving this data at risk due to not focusing on protecting the data itself. Protection that follows the data wherever it travels is essential so that the data is protected even outside of the organisation’s environment or perimeters of control.
The way in which organisation are doing business is changing and is wholly reliant on data. Data must be protected throughout its lifecycle, wherever created, transmitted and stored to mitigate the security risks and impacts of a data breach.
Steps should be taken to embrace new technologies and business processes in a secure manner. If this is not achieved breaches will continue to escalate. It is recommended that organisations take a proactive approach and follow the following security best practices:
- Leverage encryption and access control as a primary defence for data and consider an “encrypt everything” strategy
- Select data security platform offerings that address multiple use cases to reduce complexity and costs
- Implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use
- Discover and classify all data
- Use encryption and access control on all cloud, big data, IoT and mobile environments
Galaxkey supports these recommended best practices
Galaxkey addresses the security, management and protection of sensitive data, transmitted and stored. Galaxkey addresses the data protection requirements of the law, compliance, standards and regulations like the GDPR, MFID2 and ISO27001, with one simple to use data protection platform. Our solutions are data-centric and combine innovative technologies, encryption and policy to enable the protection and management of data irrespective of data type, platform and environment. Our data protection follows data wherever it goes so that it is always protected and compliance is maintained.