The importance of encryption and tokenization technologies rose to new heights during Covid-19 due to the uptake of remote collaboration tools while employees worked from home. Along with a widespread increase in reports of cyber-attacks since the pandemic began, Zoom landed itself in hot water last year when it revealed that its encryption standards were not fully end-to-end, leaving data vulnerable to being compromised.
To gauge enterprises’ encryption and tokenization requirements in 2021 and beyond, the Unbound Security team polled business and IT representatives, including CEOs, CTOs and security engineers across a wide range of industries, including IT, education, financial services and entertainment. Significantly, nearly all respondents (91%) agree the need for encryption or tokenization services is growing – and the findings revealed some interesting insights into what is driving that demand and the changing attitudes towards adopting solutions.
What is Driving Encryption Demand?
63% of business and IT decision-makers say cloud migration is the primary reason why enterprises use encryption tools. More diverse reasons are also behind the increased use of encryption. Almost three-in-five (59%) respondents say their use of encryption is driven by corporate mandate, followed by 54% who say new digital applications and services are the main drivers.
When it comes to use cases, notably, two-thirds of respondents (66%) say they use encryption to authorize data-users or to authenticate data kept in the cloud. The same percentage (66%) employ encryption for transaction and code signing, while more than six-in-ten (63%) say their encryption technology protects data used by their applications.
Cloud Migration is Leading the Charge
When it comes to encryption, it is all about the cloud. More specifically, it is clear from the findings that mass cloud migration is driving businesses to secure their critical data through new services such as advanced encryption tools.
Cloud migration, cloud interoperability and cloud-native services all have unique security implications and demand best-of-breed approaches to protect the increasing exchange of high volumes of data. In particular, effective encryption keys are paramount. For businesses with on-premise infrastructure, hardware security modules or apps partially in the cloud, not being able to secure the cryptographic keys that protect data across a disparate range of scenarios can have severe consequences.
Many businesses choose to rely on the encryption capabilities of the major cloud service providers’ solutions. However, the problem is that placing keys and data in the same location creates a fundamental security flaw. Not only are they more vulnerable to criminals but also government warrants and subpoenas can demand that CSPs reveal what they hold, instantly exposing the keys to third parties.
Having keys managed by cloud providers also creates a fragmented picture in terms of data governance. These solutions’ key logs and usage reports cover only a small part of the bigger picture, making it almost impossible for enterprises to get complete visibility across every deployment and consolidate management in one place.
The answer is for enterprises to write and manage their own keys on a separate one-stop platform using multiparty computation. An MPC platform splits keys into multiple pieces and places them on different servers and devices. Ultimately, they are never reassembled and since all the pieces are needed to obtain any vital information, it eliminates any single point of failure. As such, these more modern cryptographic platforms underpinned by MPC are enabling enterprises to gain control in cloud environments, providing the most effective means to secure and manage encryption keys.
Code Signing Emerges As A Key Priority
Both digital identity and code signing solutions came out as the top areas where encryption tools are required the most. Notably, this is despite the fact that digital identity is a fairly new phenomenon in the world of security and code signing is often handled by a DevOps team instead of the typical security teams.
Code signing is a mission-critical process for enterprises, enabling their users to verify the validity of a software update before installing it. However, ad hoc approaches to code signing have proved ineffective at curtailing the proliferation of breaches, prompting the need for more radical tactics.
Breaches of code-signing systems can have huge ramifications, providing hackers with a backdoor directly into an organization’s most sensitive networks and, commonly, a way to use that organization as a supply-chain route into others. The SolarWinds Orion software breach in 2020 is one high-profile example, where attackers obtained a valid signature on a code update that included malicious software.
The challenge is that many development teams manage private keys for code signing manually, separately, and independently – both messy and dangerous. As a result, more enterprises are now moving to centralized management to gain global visibility of the administration and usage of code signing keys. As with cloud projects, these new approaches are leveraging MPC to unify key management, enabling enterprises to set exact access controls and audit trails to prevent breaches.
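The key splitting described in the MPC paragraph above, applied to the code-signing case, as an added example that is not from the article or from any vendor's product: a toy RSA private exponent is dealt as additive shares, each server signs with only its own share, and the partial results combine into a signature that verifies under the public key without the exponent being rebuilt. The parameters, function names and dealer step are assumptions made for the illustration, which uses unpadded textbook RSA with small primes.

```python
import hashlib
import secrets

# Constructed toy RSA parameters (two Mersenne primes); far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537

def digest(message: bytes) -> int:
    """Hash the artifact to an integer mod N (no padding; illustration only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def deal_shares(parties: int) -> list[int]:
    """Split the private exponent d so that sum(shares) = d (mod PHI)."""
    d = pow(E, -1, PHI)  # a dealer that briefly knows d is a simplification here
    shares = [secrets.randbelow(PHI) for _ in range(parties - 1)]
    shares.append((d - sum(shares)) % PHI)
    return shares

def partial_sign(share: int, message: bytes) -> int:
    """Runs on one server: uses only that server's share, never the full key."""
    return pow(digest(message), share, N)

def combine(partials: list[int]) -> int:
    """Multiply partial signatures; the exponents add up to d without d being rebuilt."""
    sig = 1
    for part in partials:
        sig = (sig * part) % N
    return sig

def verify(message: bytes, signature: int) -> bool:
    """Anyone can check the result with the public key (N, E)."""
    return pow(signature, E, N) == digest(message)

def demo() -> tuple[bool, bool]:
    release = b"constructed-build-artifact-1.0"  # constructed sample input
    shares = deal_shares(3)
    partials = [partial_sign(s, release) for s in shares]
    all_ok = verify(release, combine(partials))
    # Leaving out any one server's contribution gives an invalid signature.
    missing_ok = verify(release, combine(partials[:2]))
    return all_ok, missing_ok

if __name__ == "__main__":
    print(demo())
```
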
Enterprise Blockchain Outranks Crypto Assets As A Security Concern
Interestingly, slightly more than half of all enterprises (51%) say blockchain projects are among the use cases where encryption and tokenization tools are needed the most, compared to just 39% for crypto assets.
This highlights the greater importance enterprises are placing on blockchain security, over crypto assets, despite both using the same underlying technology with the same vulnerabilities. This is particularly notable given the high-profile concerns around security within the crypto asset market. This is likely because blockchain has become more readily used across many ancillary use cases beyond the management of crypto assets.
With enterprise blockchains giving companies authority over transactions or any digital interaction, using encryption tools to keep this data confidential ensures that it will not be accessible by unauthorized parties once it is in transit.
For organizations, taking steps to protect data from cyber criminals via encryption in enterprise blockchains is even more pertinent when considering that the content can include the location of supply chain goods or sensitive figures around global payments.
MPC Is The Game-Changer
Digital business will ultimately thrive with the advent of best practices for encryption – particularly in the cloud and for personally identifiable information (PII). Encrypting all data in cloud applications and tokenizing data where possible has become essential.
Cutting edge cryptography using MPC is proving a game-changer for enterprises, enabling them to support their own unique requirements and blend of infrastructures. As a result, they can synchronize key management across multiple environments and software applications, eliminating any single point of failure, improving authentication and insider threat mitigation, and driving greater innovation.