Opinion: Innovation is driving the future of encryption
Philip Schreiber, regional director, MEASA at nCipher Security on cybersecurity proofing the cloud is essential
The opening of Microsoft’s first data centre regions in the UAE has underlined the significant demand for data storage in the Middle East. It is estimated that investment in data storage is set to be valued at AED1.5 billion by 2022 in Saudi Arabia and the UAE alone – according to a recent report by IDC – highlighting the phenomenal growth of the service, which complements the huge focus on digital transformation in the region.
The UAE and Saudi Arabia are leading the regional space in leveraging big data and advanced analytics, which is mirrored in the goals outlined by its strategic growth vision pillars to build ‘smart cities’ and draw on the power of the Internet of Things (IoT), Artificial Intelligence (AI) and Machine Learning to achieve world-class standards in the operational efficiency of all sectors, including governance.
The use of cloud and emerging technologies creates new security risks, compelling organisations worldwide to focus on data protection solutions. As more organisations move towards harnessing the cloud, this also presents a new challenge – the need for encryption – to ensure cybersecurity.
As the region moves to the next era of digitalisation, having a clearly structured and reliable encryption strategy in place should not be viewed by organisations as an optional extra, but prioritised as a business-critical, strategic imperative. And the Middle East is making important strides in this regard.
As the 2019 Middle East Encryption Trends Study by the Ponemon Institute highlights, 36% of respondents in the Middle East – that is more than one in three surveyed – state that their organisation has an overall encryption strategy applied consistently across the entire enterprise, a number which has risen during the past three years.
The survey also reports that a significant majority of organisations in the Middle East (84%) are currently using cloud computing services or plan to do so in the next 12-24 months. The use of encryption in the region is thus at an all-time high and 40% of respondents are leveraging hardware security modules (HSMs) for public cloud encryption to protect their sensitive information in environments such as Microsoft Azure.
Some 58% of the respondents stated that their organisations currently transfer sensitive or confidential data to the cloud – whether it is encrypted or made unreadable via some other mechanism – and 27% plan to do so in the next 12 to 24 months. This further underlines the need for comprehensive data protection solutions.
The question then is how the cloud, backed by Microsoft’s local data cloud centre regions, will empower its partners in the region to benefit from the Fourth Industrial Revolution and transform in this new era. The solution rests in two powerful watchwords: Innovation and readiness.
While harnessing the cloud is an organisational-must in this era, it is equally important to capitalise on innovative solutions, such as nCipher’s Bring Your Own Key (BYOK) capability, which gives customers complete control over their encryption keys and confidence that their data is protected in the Microsoft cloud.
According to the study, 40% percent of respondents (compared with 32% globally) are leveraging hardware security modules (HSMs) for public cloud encryption and 76% rate support for both cloud and on-premises deployment as the most important feature associated with encryption solutions.
In fact, the adoption of HSMs is growing and its importance to an encryption or key management strategy will continue to increase in the coming months.
Alongside such shifts in innovative technology deployment, it is critical that IT teams both understand why it is vital to use encryption and are equipped to do so – a concern that the region highlights with 27% of respondents stating that ‘training to use encryption’ is a challenge - versus the global average of 13%.
In fact, it may come as a surprise that employee mistakes are the most significant threat to sensitive data at 67%, higher than the global average of 54%. The second highest threat came from temporary or contract workers at 33%, with hackers or malicious insiders considered a much smaller threat, at just 25% and 16% respectively.
There have also been shifts in the type of data that is encrypted, with more companies today encrypting financial records (61%) and intellectual property (56%), and fewer encrypting employee or HR data. Intellectual property is also garnering increasing focus – with 74% of respondents observing that protection of IPR is the main driver to using encryption technologies, followed by the protection of customer information at 66%.
When we take a closer look at the region, the proliferation of data, concerns around data discovery and policy enforcement, together with a shortage of cybersecurity professionals are some of the biggest concerns faced by businesses in the cloud era.
The introduction by Microsoft of their first locally residing data centres in the region is an important step in addressing these challenges. Naturally, those who implement a high-assurance security foundation ensuring the integrity and trustworthiness of data, applications and intellectual property will have a much stronger chance to gain competitive advantage in the long-term. The future will belong to the first- and fast-movers, who realise that cybersecurity proofing the cloud is critical.