While French organizations encrypt specific data types at high rates, they lag behind the global average for enterprise-wide encryption strategies. This and other findings are highlighted in the Entrust 2021 France Encryption Trends Study, part of the 16th annual multinational survey by the Ponemon Institute. This targeted approach to data protection could be a key factor in why more than half of these organizations also report having experienced a data breach in the last year. The study reports on the cybersecurity challenges organisations face today, and how and why organizations deploy encryption.
Identified threats and priorities
While 46% of respondents in France have a consistently applied encryption strategy, this is lower than the global average of 50% and down from 49% last year. Organizations in France encrypt all data types at higher rates than global averages, with the top data types including intellectual property at 75% (well above the global average of 48% and up from 62% last year), payment-related data at 69% (vs. 53% globally and 46% in 2020), and financial records at 62% (vs. 55% globally and 57% last year).
This targeted approach to data encryption appears to be driven by similarly defined factors, with 65% of organizations in France saying they encrypt data to protect information against specific, identified threats (the highest rate worldwide). The next highest driver is to comply with external privacy or data security regulations and requirements, at 42%, while the third priority is to reduce the scope of compliance audits, selected by 40% of respondents compared to 30% globally.
When it comes to planning and executing an encryption strategy in France, respondent organizations ranked the discovery of where sensitive data resides as the biggest challenge, with the rate increasing to 72% this year from 70% last year. Additional challenges include training users to use encryption appropriately (20% vs. 14% globally) and the ongoing management of encryption and keys (20% vs. 26% globally).
The growing role of hardware security modules (HSMs)
As the management of encryption keys and certificates is generally viewed as less of a problem in France than elsewhere in the world, it’s perhaps unsurprising that 45% of organizations in France use Hardware Security Modules (HSMs) – compared to 49% globally – to help manage and protect their encryption.
On the other hand, respondents in France report that the importance of HSMs to their encryption or key management strategy will increase from 58% to 64% over the next 12 months. Furthermore, as many organizations migrate some or all of their IT to the cloud, when using HSMs to protect cloud applications 70% of respondent organizations in France plan to own and operate HSMs on their own premises in the next 12 months, vs. 35% today.
The top HSM use case in France is PKI or credential management: 44%, up from 37% last year and higher than this year’s global average of 31%. The second highest HSM use case is container encryption/signing services: 38% vs. 40% globally.
Looking to the future, organizations anticipate greater use of HSMs over the next 12 months for several use cases, including:
- Payment transaction processing or payment credential issuing / provisioning — expected to increase from 32% to 52%.
- Cloud Access Security Brokers (CASBs) for encryption key management are expected to increase from 21% to 38%
- “Big data” encryption is expected to increase from 20% to 31%
- Internet of Things (IoT) root of trust applications are expected to increase from 12% to 23%.
“Our research shows that organizations in France appear to have a focused approach to encryption, with more specific data types, drivers and concerns than many of their global counterparts. But as these organizations increase their use of cloud, IoT, containerization and similar modern computing trends, so the need to encrypt data more widely will increase,” said Jérôme Beclin, Technical Sales Consultant, Data Protection Solutions, Entrust. “An enterprise-wide encryption strategy, combined with the wider adoption of HSMs to provide encryption key management and a root of trust, are key foundations for ensuring these institutions remain secure from accidental and malicious data loss as their IT systems continue to evolve.”
Report: 2021 France Encryption Trends Study
2021 Global Encryption Trends Study methodology
The 2021 Global Encryption Trends Study, based on research by the Ponemon Institute, captures how organizations around the world are dealing with compliance, increased threats, and the implementation of encryption to protect their business-critical information and applications. 6,610 IT professionals were surveyed across multiple industry sectors in 17 countries/regions: Australia, Brazil, France, Germany, Hong Kong, Japan, Mexico, Middle East (which is a combination of respondents located in Saudi Arabia and the United Arab Emirates), Netherlands, the Russian Federation, Spain, Southeast Asia, South Korea, Sweden, Taiwan, the United Kingdom, and the United States.