14 Jul Middle East has highest Hardware Security Module (HSM) adoption rates for critical applications
Security and IT professionals in the Middle East are increasingly looking to secure critical application data using encryption and HSMs. This and other findings are highlighted in the Entrust 2021 Middle East Encryption Trends study, the sixteenth annual multinational survey by the Ponemon Institute. The study reports on the cybersecurity challenges organisations face today, and how and why organisations deploy encryption.
According to respondents from the region, the most important feature associated with encryption solutions is support for cloud and on-premises deployment. The adoption of encryption for Private cloud infrastructure is up 8% over the past two years and Bring Your Own Key (BYOK) management support was cited an important feature of cloud encryption solutions by 42% (vs. 34% globally), making this the 4th straight year that this was above the global average.
When it comes to what’s driving data encryption data in the Middle East, the top priorities are to protect customer personal information (59% of respondents vs. 54% globally) and intellectual property (57% vs. 49% globally). The fastest growing drivers are limiting liability from breaches or inadvertent disclosure (47% up from 39% last year) and to comply with external privacy or data security regulations and requirements (39%, up 11% over the past 2 years).
Unfortunately, while encryption is the foundation of data protection, just one in three (29%) Middle East companies surveyed indicate that they have a consistently applied encryption plan/strategy — well below this year’s global average of 50%. At the same time, the majority (59%) of these organizations report that they have experienced a data breach, the 2nd highest rate worldwide and well ahead of the global average of 44%.
Hardware security modules (HSMs)
Across the Middle East, over two-thirds (68%) of organisations surveyed use Hardware Security Modules (HSMs), one of the highest adoption rates across all regions surveyed. Furthermore, the highest use case where HSMs are used is Application-level encryption (47%) and organisations in the Middle East use HSMs more than any other region for Internet of Things (IoT) root of trust (30% vs. 21% globally). Additionally, the fastest-growing use cases are document signing at 21% (up 16% over the past three years) and Cloud Access Security Brokers (CASBs) for encryption key management at 32% (up 9% over the same period).
Looking to the future, respondent organisations anticipate greater use of HSMs over the next 12 months. This uptake covers a range of use cases, primarily key management root of trust which is expected to increase from 16% to 31% over that time. Other priorities include code signing, increasing from 25% to 33%, protecting administrative access to Privileged Access Management (PAM) solutions (34% to 40%) and Secrets Management solutions to protect secrets storage expected to increase from 30% to 36%.
“As organisations in the Middle East increase their use of the cloud, it’s clear that they prefer encryption solutions that support cloud deployments and want to control the keys that are used for data at rest encryption in the cloud. While it’s encouraging to see these specific uses cases being adopted, more needs to be done to encourage enterprise-wide encryption strategies, especially as a majority of respondent organisations have experienced a data breach,” said Philip Schreiber, regional sales director-Data Protection Solutions, for Entrust.
“A holistic encryption approach can help organisations limit liability from breaches or inadvertent disclosure and help to comply with data privacy regulations while they focus on protecting financial records and payments-related data from the risks of hackers and temporary or contract workers. The region continues to have one of the highest HSM adoption rates, demonstrating a desire for greater control over critical applications and data and security professionals view HSMs as becoming more important, particularly for use cases like key management root of trust, code signing and for use with privileged access and secrets management solutions.”