Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
#2018DataThreat
2018THALESDATA THREATREPORT
Trends in Encryption and Data Security
KOREA EDITIONEXECUTIVE SUMMARY
2 2018 THALES DATA THREAT REPORT • KOREA EDITION
Digital transformation drives efficiency and scale for existing products and services, while also making possible new business models that drive growth and profitability. Enterprises in South Korea (hereafter just “Korea”) are embracing the opportunity by leveraging all digital technology offers but can leave the security of their sensitive data at risk in a rush to deployment.
We found that the overall adoption of cloud, big data, IoT, containers, mobile payments and blockchain technologies by enterprises is at very high levels to drive this transformation. Cloud adoption is now universal, creating the new problem of how to securely use and manage multi-cloud deployments. Big Data usage is now at 99%, and blockchain, mobile payments, and IoT usage are all at more than 90% adoption rates. With 95% of respondents also identifying that their organizations are using sensitive data within these environments these massive rates of adoption make the problem of data security hypercritical. Not only do each of these environments have unique data security problems, but enterprises must also deal with strict Korean compliance requirements that apply wherever personal data is used (such as the Personal Information Protection Act – PIPA) as well as global mandates for data security.
THE TOPLINE
Digital transformation is not only driving massive turmoil in IT but also requires new approaches to data security
DIGITAL TRANSFORMATION TECHNOLOGIES ARE INCREASING RISKS
ENCRYPTION IS CRITICAL TO SOLVING DATA SECURITY PROBLEMS
Encryption drives digitally transformation and traditional data security
42% 37% 48% 49%
Cloud Big Data IoT Containers
Encryption technologies are 3 of the top 4 data security tools planned this year:
Data masking Encryption in the cloud
61% 45%
CREDIT CARD
1234 5678 9123 4567
Multifactorauthentication
48%Tokenization45%
53%
Encryption
MULTI-CLOUD USAGE BRINGS ADDITIONAL RISKSDIGITAL TRANSFORMATION REQUIRES NEW DATA SECURITY APPROACHES
High levels of usage complicate the problem
Top three concerns with cloud computing
The good news
95% using digital transformation technologies with sensitive data
(cloud, big data, IoT, containers, blockchain or mobile payments)
99% 95% 93%100% 92%Cloud usageis universal
Use Big Data ImplementingIoT
Working onor usingMobile
Payments
Blockchain project
implementedor in process
Use 2 or more IaaS vendors
Using 2 or more PaaS environments
Use more than10 SaaS applications
66% 71% 68%
56%
53%
53%
Shared infrastructure vulnerabilities
Breaches at the cloud provider
Managing multiple encryption keysacross multiple cloud providers
Encryption in the cloud
44%Cloud encryption gateway or Cloud
Access Security Broker
HSMs41%52%
BYOK (BringYour Own Key)
encryption
48%
Percentage of respondents reporting that their organizations are using sensitive data with these technologies
Sensitive data use in digital transformation technologies is high
Machine learning – bene�t or threat?
Big Data
Mobile Payments
Blockchain
IoT
Containers
58%
48%
25%
22%
17%
a threat51%
a benefit75%
Planning to deploy data security technologies this year
3 2018 THALES DATA THREAT REPORT • KOREA EDITION
95%“Use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain or mobile payments).”
42018 THALES DATA THREAT REPORT • KOREA EDITION
Digital transformation has evolved as a significant driver for data threats. The overall adoption of cloud and SaaS applications, big data implementations, IoT, containers, mobile payments and blockchain technologies also raises security risks owing to their relative newness, the unique approaches required to protect data within each environment and the sheer scale of deployments. Moreover, sensitive data will be used within these environments to enable new business models, reduce costs, analyze extensive data sets, collaborate and store critical information – as reported by 95% of respondents.
In widest use for digital transformation were cloud (100%) and big data (99%). Over 90% of respondents are also implementing IoT, containers, mobile payments, and blockchain technologies this year. Usage with sensitive data complicates the problems inherent in these new technology implementations.
DIGITAL TRANSFORMATION REQUIRES A NEW DATA SECURITY APPROACH
“Increased use of cloud ranks as the top reason for IT security spending.”
—Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report
Implementations levels and sensitive data usage with digital transformation technologies
Digital transformation initiatives have high usage of sensitive data
100%30%
36%
100%28%
99%58%
95%48%
93%22%
92%17%
95% use digital transformation technologies with sensitive data(cloud, big data, IoT, containers, blockchain or mobile payments)
47% The top driver for IT security spending is the adoption of cloud computing
Cloud - IaaS
Cloud - SaaS
Cloud - PaaS
Big Data
Mobile
IoT
Blockchain
Using or planning to use the technology Using sensitive data with the technology
Unavailable: minimum 68% – Maximum 100%
5 2018 THALES DATA THREAT REPORT • KOREA EDITION
Multi-cloud operations creating big concerns
We found that 66% of respondents identified that their enterprise uses more than 10 Software as a Services (SaaS) services, 66% were also using two or more Infrastructure as a Services (IaaS) offerings and 71% two or more Platform as a Service (PaaS) offerings. This level of cloud service usage drives innovation and efficiency, but comes at a price for data security – and it can be measured levels of complexity driven by the unique requirements for protecting, and retaining control of, data within this range of environments.
In a traditional data center, not only was data physically secured within the four walls of the enterprise, but all of the infrastructure underlying implementation tools and networks were also under the direct control of the organization. Now, for IaaS, a specific data security plan must be created for each deployment and environment, then enforced by policy, operational methods and tools. For SaaS and PaaS environments, the case is more complex. In many of these environments, organizations are given little control over how their data is stored or protected, and in some cases where data security controls are available (such as AWS S3 storage buckets or Salesforce implementations) managing encryption keys, and access controls become a new task, requiring new expertise and tools. Third party offerings that reduce this complexity with integrated management of encryption technologies for multiple environments are starting to become available, but are not yet widely recognized. Organizations are going to need them – A basic security maxim is that whoever controls the keys, controls the data. Encryption – with encryption key control either local or remote from the cloud environment managed – is required.
“With increasingly porous networks, and expanding use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient.”
—Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report
Multi-cloud usage brings additional risks
Top three concerns with cloud computing
The good newsAre implementing data security in the cloud today
Use 2 or more IaaS vendors
Using 2 or more PaaS environments
Use more than10 SaaS applications
66% 71% 68%
56%
53%
53%
Shared infrastructure vulnerabilities
Breaches at the cloud provider
Managing multiple encryption keysacross multiple cloud providers
Encryption in the cloud
44%Cloud encryption gateway or Cloud Access Security Broker
HSMs41%52%
BYOK (Bring YourOwn Key) encryption
48%
62018 THALES DATA THREAT REPORT • KOREA EDITION
As a nation, Korea takes data privacy and information security very seriously. The six-year-old Personal Information Protection Act (PIPA) is among the most comprehensive and strict of privacy regulations in the world – violations are met with aggressive fines and even prison time. Further, a year ago even tougher penalties for violations of data protection and privacy requirements were enacted, and there are also numerous sector-specific data protection laws targeting IT service providers, credit agencies, financial institutions, and many others.
It is within this very strict and potentially punitive privacy and data protection environment that organizations must conduct business today in Korea. Even within this environment, responses from the IT security professionals polled indicate that almost half – 44% of enterprises – have encountered a data breach at some time. With one in three of those data breach incidents (16%) occurring in the last year, and 9% of all organizations reporting data breach incidents – they had been breached both in the last year and previously.
However, alarming as these statistics are, they indicate that organizations in Korea are doing better than their counterparts elsewhere, perhaps due to the strict compliance regimes in place.
However, our results also show good news as well. IT security budgets are starting to expand to counteract these threats. Even though lack of budget is the top reason cited for not implementing or increasing spending on data security at 54%, 76% are increasing their IT security spending, with 12% reporting that IT security spending will be much higher this year.
ALMOST HALF OF ALL KOREAN ENTERPRISES HAVE ALREADY ENCOUNTERED A DATA BREACH
“Look for data security toolsets that offer services-based deployments, platforms, and automation that reduce usage and deployment complexity for an additional layer of protection for data.”
—Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report
Rates of data breaches in Korea and as measured globally
Perceived barriers to data security deployment
GlobalKorea
Lack of budget
Lack of organizationalbuy-in/Low priority
Complexity
Lack of staff to manage
Lack of perceived need
Concerns about impactson performance and
business process
Korea Global Korea Global
Data breach in the last year
Data breach at another time
44%
67%
16%
36%
Korea Global
Repeated breaches
9% 15%
56%36%
42%34%
26%43%
40%32%
45%37%
42%42%
72018 THALES DATA THREAT REPORT • KOREA EDITION7
“Korea reports some of the lowest rates of data breaches, with 16% of Korean respondents reporting a breach in the past year, less than half of the global average of 36%.”
8 2018 THALES DATA THREAT REPORT • KOREA EDITION
We found that respondents clearly recognize the defenses designed specifically for protecting data are the most effective tools for doing so. Data-at-rest defenses were rated as the most effective tools for protecting data, with 68% responding that they were either ‘very’ or ‘extremely’ effective. However, data-at-rest security tools are not getting a high priority in spending increases. In fact, the data-at-rest defenses that are the most effective at protecting large data stores are almost the lowest priority for increases in spending, at only 35%, with only analysis and correlation tools achieving a lower rating at 34%.
At the same time, network (48%) and end point (42%) defenses are garnering the greatest increases in spending, even as these tools become less relevant because of cloud computing, and are no longer wholly effective against attacks designed to compromise data. The combination of spear phishing with zero-day exploits available to criminal hackers makes it almost impossible to keep intruders off a network with network and endpoint-based security controls. And, respondents recognize the most effective solutions are security controls that provide an additional layer of protection directly around data sets. Data-at-rest and data-in-motion security tools can reduce attack surfaces, and provide the information needed to quickly find and stop attacks in progress around large data sets.
ORGANIZATIONS NEED TO CHANGE HOW THEY PROTECT THEIR DATA
Respondents report biggest spending increases in tools that no longer protect data effectively
“Re-prioritize your IT security tool set.”
“With increasingly porous networks, and expanding use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient.”
“Data security offers increased protection to known and unknown sensitive data found within advanced technology environments.”
—Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report
Rated very or extremely effective at protecting data Spending increase
A problem: Rated most effect at protecting data, but low planned spending increases
68%35%
67%48%
57%37%
61%34%
57%42%
Endpoint & mobiledevice defenses
Analysis &correlation tools
Data at restdefenses
Data in motiondefenses
Networkdefenses
92018 THALES DATA THREAT REPORT • KOREA EDITION
Good news. Not only did respondents in Korea identify that encryption technologies are the most effective way to protect data, but in spite of low spending levels, projects are underway to implement encryption for data protection at fairly high levels. Respondents identified that three of the top data security tools planned this year are encryption technologies – Data masking, encryption in the cloud and tokenization. Also, 32% are already using some encryption in cloud environments, while encryption and access controls are top selections for the IT security tools needed to expand usage of digital transformation. Last, 53% plan to encrypt data to meet global data privacy and sovereignty requirements.
ENCRYPTION IS A CRITICAL TOOL FOR PROTECTING SENSITIVE DATA – WHEREVER IT RESIDES
Protects data in traditional data centers, cloud, big data, and wherever sensitive information is used or stored
Data masking Encryption in the cloud
61% 45%CREDIT CARD
1234 5678 9123 4567 Multifactorauthentication
48%Tokenization45%
Encryption technologies are 3 of the top 4 data security tools that are planned this year (but not yet implemented):
Encryption needed to drive digital transformation
42% 37% 48% 49%
Cloud:A top three tool needed for more
cloud use
Big Data:System-level encryption and access controls for underlying systems and compute nodes a top three tool needed for more big data use
IoT: Secure authentication(an encryption
technology) the top tool need for more
IoT adoption
Containers: Encryption drives Container usage
Encryption is the top tool planned for use to meet global privacy regulations such as GDPR
53%of respondents are deploying database and file encryption now
68%
“Even though cloud adoption in Korea is less aggressive than, say, in the U.S., increased use of cloud ranks as the top reason for security spending (47%) much higher than the global average (39%).“
“With increasingly porous networks, and expanding the use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient. When implemented as a part of the initial development (for ease of implementation versus retrofitting at a later date), data security offers increased protection to known and unknown sensitive data found within advanced technology environments.”
“Look for data security toolsets that offer services-based deployments, platforms, and automation that reduce usage and deployment complexity for an additional layer of protection for data.”
—Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report
10 2018 THALES DATA THREAT REPORT • KOREA EDITION
112018 THALES DATA THREAT REPORT • KOREA EDITION
ENCRYPTION IS THE SOLUTION
Encryption technologies are critical to protecting data at rest, in motion and in use. Encryption secures data to meet compliance requirements, best practices and privacy regulations. It’s the only tool set that ensures the safety and control of data not only in the traditional data center, but also with the technologies used to drive the digital transformation of the enterprise.
ABOUT THALES
Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premises, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.
CLICK HERE TO TO READ THE FULL REPORT
OUR SPONSORS GEOBRIDGE
©2018 Thales