2018 THALES DATA THREAT REPORT - Thales eSecurity · Author of the 2018 Thales Data Threat Report I D % % % % % 99% 5% 95% % 9% % 9% % 95% use digital transformation technologies

#2018DataThreat

2018THALESDATA THREATREPORT

Trends in Encryption and Data Security

KOREA EDITIONEXECUTIVE SUMMARY

2 2018 THALES DATA THREAT REPORT • KOREA EDITION

Digital transformation drives efficiency and scale for existing products and services, while also making possible new business models that drive growth and profitability. Enterprises in South Korea (hereafter just “Korea”) are embracing the opportunity by leveraging all digital technology offers but can leave the security of their sensitive data at risk in a rush to deployment.

We found that the overall adoption of cloud, big data, IoT, containers, mobile payments and blockchain technologies by enterprises is at very high levels to drive this transformation. Cloud adoption is now universal, creating the new problem of how to securely use and manage multi-cloud deployments. Big Data usage is now at 99%, and blockchain, mobile payments, and IoT usage are all at more than 90% adoption rates. With 95% of respondents also identifying that their organizations are using sensitive data within these environments these massive rates of adoption make the problem of data security hypercritical. Not only do each of these environments have unique data security problems, but enterprises must also deal with strict Korean compliance requirements that apply wherever personal data is used (such as the Personal Information Protection Act – PIPA) as well as global mandates for data security.

THE TOPLINE

Digital transformation is not only driving massive turmoil in IT but also requires new approaches to data security

DIGITAL TRANSFORMATION TECHNOLOGIES ARE INCREASING RISKS

ENCRYPTION IS CRITICAL TO SOLVING DATA SECURITY PROBLEMS

Encryption drives digitally transformation and traditional data security

42% 37% 48% 49%

Cloud Big Data IoT Containers

Encryption technologies are 3 of the top 4 data security tools planned this year:

Data masking Encryption in the cloud

61% 45%

CREDIT CARD

1234 5678 9123 4567

Multifactorauthentication

48%Tokenization45%

53%

Encryption

MULTI-CLOUD USAGE BRINGS ADDITIONAL RISKSDIGITAL TRANSFORMATION REQUIRES NEW DATA SECURITY APPROACHES

High levels of usage complicate the problem

Top three concerns with cloud computing

The good news

95% using digital transformation technologies with sensitive data

(cloud, big data, IoT, containers, blockchain or mobile payments)

99% 95% 93%100% 92%Cloud usageis universal

Use Big Data ImplementingIoT

Working onor usingMobile

Payments

Blockchain project

implementedor in process

Use 2 or more IaaS vendors

Using 2 or more PaaS environments

Use more than10 SaaS applications

66% 71% 68%

56%

53%

53%

Shared infrastructure vulnerabilities

Breaches at the cloud provider

Managing multiple encryption keysacross multiple cloud providers

Encryption in the cloud

44%Cloud encryption gateway or Cloud

Access Security Broker

HSMs41%52%

BYOK (BringYour Own Key)

encryption

48%

Percentage of respondents reporting that their organizations are using sensitive data with these technologies

Sensitive data use in digital transformation technologies is high

Machine learning – bene�t or threat?

Big Data

Mobile Payments

Blockchain

IoT

Containers

58%

48%

25%

22%

17%

a threat51%

a benefit75%

Planning to deploy data security technologies this year


95%“Use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain or mobile payments).”

42018 THALES DATA THREAT REPORT • KOREA EDITION

Digital transformation has evolved as a significant driver for data threats. The overall adoption of cloud and SaaS applications, big data implementations, IoT, containers, mobile payments and blockchain technologies also raises security risks owing to their relative newness, the unique approaches required to protect data within each environment and the sheer scale of deployments. Moreover, sensitive data will be used within these environments to enable new business models, reduce costs, analyze extensive data sets, collaborate and store critical information – as reported by 95% of respondents.

In widest use for digital transformation were cloud (100%) and big data (99%). Over 90% of respondents are also implementing IoT, containers, mobile payments, and blockchain technologies this year. Usage with sensitive data complicates the problems inherent in these new technology implementations.

DIGITAL TRANSFORMATION REQUIRES A NEW DATA SECURITY APPROACH

“Increased use of cloud ranks as the top reason for IT security spending.”

—Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report

Implementations levels and sensitive data usage with digital transformation technologies

Digital transformation initiatives have high usage of sensitive data

100%30%

36%

100%28%

99%58%

95%48%

93%22%

92%17%

95% use digital transformation technologies with sensitive data(cloud, big data, IoT, containers, blockchain or mobile payments)

47% The top driver for IT security spending is the adoption of cloud computing

Cloud - IaaS

Cloud - SaaS

Cloud - PaaS

Big Data

Mobile

IoT

Blockchain

Using or planning to use the technology Using sensitive data with the technology

Unavailable: minimum 68% – Maximum 100%


Multi-cloud operations creating big concerns

We found that 66% of respondents identified that their enterprise uses more than 10 Software as a Services (SaaS) services, 66% were also using two or more Infrastructure as a Services (IaaS) offerings and 71% two or more Platform as a Service (PaaS) offerings. This level of cloud service usage drives innovation and efficiency, but comes at a price for data security – and it can be measured levels of complexity driven by the unique requirements for protecting, and retaining control of, data within this range of environments.

In a traditional data center, not only was data physically secured within the four walls of the enterprise, but all of the infrastructure underlying implementation tools and networks were also under the direct control of the organization. Now, for IaaS, a specific data security plan must be created for each deployment and environment, then enforced by policy, operational methods and tools. For SaaS and PaaS environments, the case is more complex. In many of these environments, organizations are given little control over how their data is stored or protected, and in some cases where data security controls are available (such as AWS S3 storage buckets or Salesforce implementations) managing encryption keys, and access controls become a new task, requiring new expertise and tools. Third party offerings that reduce this complexity with integrated management of encryption technologies for multiple environments are starting to become available, but are not yet widely recognized. Organizations are going to need them – A basic security maxim is that whoever controls the keys, controls the data. Encryption – with encryption key control either local or remote from the cloud environment managed – is required.

“With increasingly porous networks, and expanding use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient.”


Multi-cloud usage brings additional risks

Top three concerns with cloud computing

The good newsAre implementing data security in the cloud today

Use 2 or more IaaS vendors

Using 2 or more PaaS environments

Use more than10 SaaS applications

66% 71% 68%

56%

53%

53%

Shared infrastructure vulnerabilities

Breaches at the cloud provider

Managing multiple encryption keysacross multiple cloud providers

Encryption in the cloud

44%Cloud encryption gateway or Cloud Access Security Broker

HSMs41%52%

BYOK (Bring YourOwn Key) encryption

48%


As a nation, Korea takes data privacy and information security very seriously. The six-year-old Personal Information Protection Act (PIPA) is among the most comprehensive and strict of privacy regulations in the world – violations are met with aggressive fines and even prison time. Further, a year ago even tougher penalties for violations of data protection and privacy requirements were enacted, and there are also numerous sector-specific data protection laws targeting IT service providers, credit agencies, financial institutions, and many others.

It is within this very strict and potentially punitive privacy and data protection environment that organizations must conduct business today in Korea. Even within this environment, responses from the IT security professionals polled indicate that almost half – 44% of enterprises – have encountered a data breach at some time. With one in three of those data breach incidents (16%) occurring in the last year, and 9% of all organizations reporting data breach incidents – they had been breached both in the last year and previously.

However, alarming as these statistics are, they indicate that organizations in Korea are doing better than their counterparts elsewhere, perhaps due to the strict compliance regimes in place.

However, our results also show good news as well. IT security budgets are starting to expand to counteract these threats. Even though lack of budget is the top reason cited for not implementing or increasing spending on data security at 54%, 76% are increasing their IT security spending, with 12% reporting that IT security spending will be much higher this year.

ALMOST HALF OF ALL KOREAN ENTERPRISES HAVE ALREADY ENCOUNTERED A DATA BREACH

“Look for data security toolsets that offer services-based deployments, platforms, and automation that reduce usage and deployment complexity for an additional layer of protection for data.”


Rates of data breaches in Korea and as measured globally

Perceived barriers to data security deployment

GlobalKorea

Lack of budget

Lack of organizationalbuy-in/Low priority

Complexity

Lack of staff to manage

Lack of perceived need

Concerns about impactson performance and

business process

Korea Global Korea Global

Data breach in the last year

Data breach at another time

44%

67%

16%

36%

Korea Global

Repeated breaches

9% 15%

56%36%

42%34%

26%43%

40%32%

45%37%

42%42%

72018 THALES DATA THREAT REPORT • KOREA EDITION7

“Korea reports some of the lowest rates of data breaches, with 16% of Korean respondents reporting a breach in the past year, less than half of the global average of 36%.”


We found that respondents clearly recognize the defenses designed specifically for protecting data are the most effective tools for doing so. Data-at-rest defenses were rated as the most effective tools for protecting data, with 68% responding that they were either ‘very’ or ‘extremely’ effective. However, data-at-rest security tools are not getting a high priority in spending increases. In fact, the data-at-rest defenses that are the most effective at protecting large data stores are almost the lowest priority for increases in spending, at only 35%, with only analysis and correlation tools achieving a lower rating at 34%.

At the same time, network (48%) and end point (42%) defenses are garnering the greatest increases in spending, even as these tools become less relevant because of cloud computing, and are no longer wholly effective against attacks designed to compromise data. The combination of spear phishing with zero-day exploits available to criminal hackers makes it almost impossible to keep intruders off a network with network and endpoint-based security controls. And, respondents recognize the most effective solutions are security controls that provide an additional layer of protection directly around data sets. Data-at-rest and data-in-motion security tools can reduce attack surfaces, and provide the information needed to quickly find and stop attacks in progress around large data sets.

ORGANIZATIONS NEED TO CHANGE HOW THEY PROTECT THEIR DATA

Respondents report biggest spending increases in tools that no longer protect data effectively

“Re-prioritize your IT security tool set.”

“With increasingly porous networks, and expanding use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient.”

“Data security offers increased protection to known and unknown sensitive data found within advanced technology environments.”


Rated very or extremely effective at protecting data Spending increase

A problem: Rated most effect at protecting data, but low planned spending increases

68%35%

67%48%

57%37%

61%34%

57%42%

Endpoint & mobiledevice defenses

Analysis &correlation tools

Data at restdefenses

Data in motiondefenses

Networkdefenses


Good news. Not only did respondents in Korea identify that encryption technologies are the most effective way to protect data, but in spite of low spending levels, projects are underway to implement encryption for data protection at fairly high levels. Respondents identified that three of the top data security tools planned this year are encryption technologies – Data masking, encryption in the cloud and tokenization. Also, 32% are already using some encryption in cloud environments, while encryption and access controls are top selections for the IT security tools needed to expand usage of digital transformation. Last, 53% plan to encrypt data to meet global data privacy and sovereignty requirements.

ENCRYPTION IS A CRITICAL TOOL FOR PROTECTING SENSITIVE DATA – WHEREVER IT RESIDES

Protects data in traditional data centers, cloud, big data, and wherever sensitive information is used or stored

Data masking Encryption in the cloud

61% 45%CREDIT CARD

1234 5678 9123 4567 Multifactorauthentication

48%Tokenization45%

Encryption technologies are 3 of the top 4 data security tools that are planned this year (but not yet implemented):

Encryption needed to drive digital transformation

42% 37% 48% 49%

Cloud:A top three tool needed for more

cloud use

Big Data:System-level encryption and access controls for underlying systems and compute nodes a top three tool needed for more big data use

IoT: Secure authentication(an encryption

technology) the top tool need for more

IoT adoption

Containers: Encryption drives Container usage

Encryption is the top tool planned for use to meet global privacy regulations such as GDPR

53%of respondents are deploying database and file encryption now

68%

“Even though cloud adoption in Korea is less aggressive than, say, in the U.S., increased use of cloud ranks as the top reason for security spending (47%) much higher than the global average (39%).“

“With increasingly porous networks, and expanding the use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient. When implemented as a part of the initial development (for ease of implementation versus retrofitting at a later date), data security offers increased protection to known and unknown sensitive data found within advanced technology environments.”

“Look for data security toolsets that offer services-based deployments, platforms, and automation that reduce usage and deployment complexity for an additional layer of protection for data.”




ENCRYPTION IS THE SOLUTION

Encryption technologies are critical to protecting data at rest, in motion and in use. Encryption secures data to meet compliance requirements, best practices and privacy regulations. It’s the only tool set that ensures the safety and control of data not only in the traditional data center, but also with the technologies used to drive the digital transformation of the enterprise.

ABOUT THALES

Thales eSecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment – on-premises, in the cloud, in data centers or big data environments – without sacrificing business agility. Security doesn’t just reduce risk, it’s an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales eSecurity is part of Thales Group.

CLICK HERE TO TO READ THE FULL REPORT

OUR SPONSORS GEOBRIDGE

https://www.thalesesecurity.co.kr/2018/dtr

©2018 Thales

Documents

2018 THALES DATA THREAT REPORT - Thales eSecurity · Author of the 2018 Thales Data Threat Report I D % % % % % 99% 5% 95% % 9% % 9% % 95% use digital transformation technologies