Organisations in the Middle East work in a fast-paced and competitive environment. Data is the new oil, powering growth, efficiency and effectiveness. Translated into actionable intelligence using IT systems, data creates competitive advantage, and regional organisations in both the Government and Enterprise sectors have been highly successful in using the power of data and information technology to achieve customer-centric innovation.
But the volume of sensitive data generated by the modern enterprise is a double-edged sword. While it can be used to guide strategic decision making and create personalised experiences for customers, it raises a troublesome question: what happens when data is misused? What happens when a breach takes place? In short, organisations suffer remediation costs, reputation damage, loss of business and more. The inability to protect data also obstructs the successful use of new technologies such as cloud, big data and artificial intelligence because, along with their operational benefits, these also introduce new threat vectors and changing security paradigms.
The average total cost of a data breach for organisations in the Middle East is $5.31 million, as found by research conducted by the Ponemon Institute. This number reflects just how much of a financial impact a single data breach can have: a cost likely to cripple all but the largest organisations. Despite this persistent threat, only 30 percent of companies have a consistent encryption strategy implemented enterprise-wide. How is it that this paradox exists, and why has data encryption been largely overlooked in enterprise security strategies?
‘Locking the Doors’ to valuable data
Organisations invest heavily in information security, creating layered security architectures and implementing various processes and technical security controls, yet they fail to consistently implement data encryption. If we draw comparisons between information security and physical security in a bank, not encrypting data would be analogous to not locking the bank vault. Yes, there are many physical security measures already in place (cameras, high walls, electric fences, many layers of doors, security guards, and motion sensors), yet one still needs to lock the vault!
The reason organisations overlook the essential digital ‘locking’ with encryption is the perceived complexity of introducing and managing this technology, and its assumed impact on business processes.
A fine balance
Achieving confidentiality, integrity and availability of data is simply not enough anymore: IT teams need to ensure convenience for users, administrators and managers when implementing any kind of security control, and especially so when implementing data encryption.
At Help AG, our advice to enterprises is to implement data encryption solutions for all their sensitive data, and in particular data related to personal, financial, health, business operations, trade secrets and intellectual property. Also, any data leaving organisational boundaries, such as in the case of cloud services or the outsourcing of functions to third-party service providers, should be included in the encryption strategy. This will soon become a mandatory component of security architectures, and businesses that fail to implement effective solutions will continue to be easy targets for attackers.
Criteria for solution selection
Once the data for encryption has been determined, it is essential to implement the right encryption solution. In addition to budgetary factors, there are many criteria which should be given due emphasis. While encryption is an open technology area, it is not without its standards and regulations, so trusting proven, tested and certified solutions is a good start. This narrows the playing field, leaving you to then focus on ease of deployment and management, both of which are essential to ensuring adoption and actual utilisation of the investment. To this end, a system which offers minimal impact on performance and business processes is also imperative, as otherwise it would be difficult to build a business case for the solution and push for enterprise-wide deployment.
From a technical standpoint, the solution must cover your organisation’s encryption requirements in multiple use cases and environments, from on-premise to the cloud, from big data to containers, and from application encryption and tokenisation to database encryption. Besides meeting immediate needs, this is necessary from a future-proofing standpoint. Also important to the IT team is ease of management, and here a solution designed on open standards simplifies integration with other critical security systems, thereby enhancing the overall security architecture, simplifying utilisation and eliminating operational overheads.
Once all these parameters have been given their due consideration and appropriately fulfilled, the support of a skilled and trusted implementation partner offers the final piece of the puzzle, ensuring the solution is configured to the specific needs of your organisation, thereby allowing it to be leveraged to its full potential.
By using encryption, both for data at rest and in transit, you can ensure your organisation’s sensitive information is kept safe while still providing all the benefits that the ready availability of quality data presents to the modern enterprise.