THALES DATA THREAT REPORT

Similar documents
THALES DATA THREAT REPORT

2017 THALES DATA THREAT REPORT

2018 THALES DATA THREAT REPORT

GLOBAL ENCRYPTION TRENDS STUDY

GLOBAL ENCRYPTION TRENDS STUDY

2018 THALES DATA THREAT REPORT

THALES DATA THREAT REPORT

GLOBAL PKI TRENDS STUDY

THALES DATA THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Enabling Hybrid Cloud Transformation

Best Practices in Securing a Multicloud World

Securing Digital Transformation

THALES esecurity: SECURING YOUR DIGITAL TRANSFORMATION

Retail Security in a World of Digital Touchpoint Complexity

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

SIEM: Five Requirements that Solve the Bigger Business Issues

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

Preparing your network for the next wave of innovation

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Why Enterprises Need to Optimize Their Data Centers

Danish Cloud Maturity Survey 2018

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

THE IMPLICATIONS OF PERFORMANCE, SECURITY, AND RESOURCE CONSTRAINTS IN DIGITAL TRANSFORMATION

Teradata and Protegrity High-Value Protection for High-Value Data

Cloud Computing: Making the Right Choice for Your Organization

nshield GENERAL PURPOSE HARDWARE SECURITY MODULES

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Modern Database Architectures Demand Modern Data Security Measures

Run the business. Not the risks.

Cognizant Cloud Security Solution

Go mobile. Stay in control.

Spotlight Report. Information Security. Presented by. Group Partner

MITIGATE CYBER ATTACK RISK

Traditional Security Solutions Have Reached Their Limit

Symantec Cloud Workload Protection

All the resources you need to get buy-in from your team and advocate for the tools you need.

Mastering The Endpoint

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

YOUR WEAKEST IT SECURITY LINK?

How to Create, Deploy, & Operate Secure IoT Applications

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

ENABLING SECURE CLOUD CONNECTIVITY. Create a Successful Cloud Strategy with Reliable Connectivity Solutions

Angela McKay Director, Government Security Policy and Strategy Microsoft

Government IT Modernization and the Adoption of Hybrid Cloud

Make security part of your client systems refresh

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Security in India: Enabling a New Connected Era

DIGITAL TRUST Making digital work by making digital secure

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

TechValidate Survey Report: SaaS Application Trends and Challenges

Moving Workloads to the Public Cloud? Don t Forget About Security.

McAfee Total Protection for Data Loss Prevention

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER

SIEMLESS THREAT MANAGEMENT

IBM Cloud Internet Services: Optimizing security to protect your web applications

How to ensure control and security when moving to SaaS/cloud applications

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE

HOW IT INVESTMENT STRATEGIES HELP AND HINDER GOVERNMENT S ADOPTION OF CLOUD & AI

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

The Next Evolution of Enterprise Public Cloud. Bring the Oracle Cloud to Your Data Center

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Secure & Unified Identity

Evolution For Enterprises In A Cloud World

The State of Cybersecurity and Digital Trust 2016

OWASP CISO Survey Report 2015 Tactical Insights for Managers

Delivering Cyber Security Confidence for the Modern Enterprise

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

Comprehensive Database Security

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

IDENTITY: A KEY ELEMENT OF BUSINESS-DRIVEN SECURITY

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

Security Operations & Analytics Services

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Panda Security 2010 Page 1

Privileged Account Security: A Balanced Approach to Securing Unix Environments

6 Ways Office 365 Keeps Your and Business Secure

GDPR COMPLIANCE REPORT

AKAMAI CLOUD SECURITY SOLUTIONS

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Total Cost of Ownership: Benefits of ECM in the OpenText Cloud

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

Global Information Security Survey. A life sciences perspective

Cylance Axiom Alliances Program

Move Cyber Threats On To Another Target. Encrypt Everything, Everywhere. Imam Sheikh Director, Product Management Vormetric

EY Norwegian Cloud Maturity Survey Current and planned adoption of cloud services

Transcription:

2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat

THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the world, reports of major data breaches are epidemic 75% or respondents reporting a breach, and 52% in the last year alone. And these breaches have occurred in spite of global efforts to fight back with increased IT security spending. This ongoing game of cat-and-mouse suggests that global attackers tactics, sophistication and motivation are helping them to stay at least one step ahead of often overwhelmed and beleaguered defenders. Another accompanying problem increased funding is not being deployed most effectively to counteract evolving threats and new compute environments. Regardless, doing what we have been doing for decades is no longer working. The more relevant question on the minds of IT and business leaders is: What will it take to stop the breaches? Respondents in India identified their organizations as using digital transformation technologies at levels higher than what we ve seen elsewhere around the world, and with sensitive data use within them at very high levels. These environments are as large a component of the problem as evolving threats, or even more so. The benefits of this transformation are substantial, but each environment and instance add new attack surfaces and data security problems that need to be addressed. IT SECURITY SPENDING IS UP AND SO ARE DATA BREACHES Breach rates reach new highs 75% 52% 23% DIGITAL TRANSFORMATION EXPANDS DATA THREAT LANDSCAPES All organizations use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain or mobile payments) Cloud usage the top problem 100% 92% Top IT security spending drivers 52% 47% Breached ever (three out of four) Breached in the last year (over half) Breached multiple times (nearly one quarter have been breached both in the last year and previously) Even as enterprises increase IT security spending Universal cloud usage Highest use of sensitive data in the cloud measured Reputation and brand protection Multi-cloud usage is high, bringing additional risks Cloud computing 93% 56% 54% Overall increasing spending Much higher spending (highest of any country polled) Will increase data-at-rest spending 85% 65% 96% Use 2 or more IaaS vendors Use more than 25 SaaS applications Use 2 or more PaaS environments NOT PUTTING THEIR MONEY WHERE THEIR DATA IS Respondents report their organizations increasing spending the least on the most effective tools for protecting data ENCRYPTION IS CRITICAL TO SOLVING DATA SECURITY PROBLEMS Encryption drives digital transformation and traditional data security Data at rest Data in motion defenses defenses 90% 54% 90% 63% Most effective but lowest spending increases Analysis & correlation tools 91% 64% 53% 51% Cloud: Cloud provider key management is the top tool needed for more cloud use 48% 42% IoT: Data security/ Encryption the top IT security tool needed to increase IoT usage Containers: Availability of encryption the top IT security tool needed to increase adoption 38% Big Data: The top three tool needed for big data adoption encryption with access controls Network defenses 87% 59% Rated very or extremely effective Endpoint & mobile device defenses 81% 81% Spending Increase 30% Encryption is the top tool planned for use to meet global privacy regulations such as GDPR 51% Hardware Security Modules (HSMs) are the top data security tool planned for this year, but not yet implemented 2018 THALES DATA THREAT REPORT INDIA EDITION 2

100% Use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain or mobile payments). 3 2018 THALES DATA THREAT REPORT INDIA EDITION

DIGITAL TRANSFORMATION REQUIRES A NEW DATA SECURITY APPROACH Digital transformation drives efficiency and scale for existing products and services, while also making possible new business models that drive growth and profitability. Enterprises in India are embracing the opportunity by leveraging all that digital technology offers, but can leave the security of their sensitive data at risk in the rush to deployment. We found massive adoption of cloud, big data, IoT, mobile payments and blockchain technologies by enterprises to drive this transformation. Cloud, big data and IoT adoption was reported as universal among our respondents with Mobile payments and Blockchain only fractionally behind at 99%. Each of these environments has unique data security challenges that must be addressed for secure usage with sensitive data, but the cloud is the most problematic. Cloud usage with sensitive data was especially high at 92% (the highest of any geography that we measured this year), with multiple cloud usage also at elevated levels, creating the new problem of how to secure sensitive data across multi-cloud deployments. Digital transformation initiatives have high usage of sensitive data 100% use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain or mobile payments) 47% The second most important item impacting IT security spending decisions is cloud computing behind only reputation and brand at 52% Implementations levels and sensitive data usage with digital transformation technologies Using or planning to use the technology Using sensitive data with the technology Cloud Big Data Mobile Payments IoT Blockchain 26% 49% 48% 55% 100% 92% 100% 99% 100% 99% Containers 15% Not measured 2018 THALES DATA THREAT REPORT INDIA EDITION 4

Multi-cloud operations creating big concerns We found that 65% of respondents identified that their enterprise uses more than twenty-five Software as a Service (SaaS) offerings, 85% were also using two or more Infrastructure as a Services (IaaS) offerings and 96% two or more platform as a service (PaaS) offerings. This level of cloud service usage drives innovation and efficiency, but comes at a price for data security and it can be measured by the unique requirements for protecting, and retaining control of, data within this range of environments. In a traditional data center, not only is data physically secured within the four walls of the enterprise, but all of the underlying implementation, tools and networks are also under the direct control of the organization. Now, for IaaS, a specific data security plan must be created for each deployment and environment, then enforced by policy, operational methods and tools. For SaaS and PaaS environments, the case is more complex. In many of these environments, organizations are given little control over how their data is stored or protected, and in some cases where data security controls are available (such as AWS S3 storage buckets or Salesforce implementations) managing encryption keys, and access controls become a new task, requiring new expertise and tools. Third party offerings that reduce this complexity with integrated management of encryption technologies for multiple environments are starting to become available, but are not yet widely recognized. Organizations are going to need them A basic security maxim is that whoever controls the keys, controls the data. Encryption with encryption key control either local or remote from the cloud environment managed is required. As organizations increasingly engage with multiple cloud providers, who maintains control over encryption keys has become a huge potential issue, particularly for those who take advantage of native encryption services. Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report Multi-cloud usage brings additional risks 85% 65% 96% Use 2 or more IaaS vendors Use more than 25 SaaS applications Use 2 or more PaaS environments Top concerns with cloud computing Lack of control over data location/ data residency concerns Security breaches/attacks at the service provider Managing monitoring and deploying multiple cloud native security tools Top IT security tools need to expand cloud computing use Exposure of detailed 86% security monitoring data 54% 86% 82% Encryption of data with service provider storage and management of encryption keys Mapping of service provider admin roles 53% 51% Managing encryption keys across multiple cloud environments Shared infrastructure vulnerabilities 81% 81% Encryption with enterprises premises storage and management of encryption keys Compliance commitments 49% 48% Privileged user abuse at the cloud provider 77% 5 2018 THALES DATA THREAT REPORT INDIA EDITION

IT SECURITY SPENDING IS UP AND SO ARE DATA BREACHES Of particular concern for India are the elevated rates of breaches being encountered. Not only did 75% of our respondents report that their organization had been breached in the past, but also over half (52%) reported a breach during the last 12 months. This is the highest rate encountered in all the countries surveyed. Only the U.S. came close, with 46% breached in the last year. India also showed the highest rate we measured of repeated breaches that is, organizations breached both in the last year and previously at 23% (nearly one quarter of all organizations). This is especially troubling, as it indicates that organizations are not learning from previous mistakes about how to protect their sensitive data, or they are simply not making it a priority. Data breaches reported in India Breached ever (three out of four) 75% Breached in the last year (over half) 52% Breached multiple times (nearly one quarter have been breached both in the last year and previously) 23% There is some evidence that a key component of the problem is that organizations have decided not to make data security a priority, when asked about the barriers to data security within their organizations, 37% cited lack of perceived need and 36% lack of organizational buy in. However, our results also show good news as well. IT security budgets are starting to expand to counteract these threats. 93% are increasing their IT security spending, the highest rate we found anywhere, with 56% reporting that IT security spending will be much higher this year. HOW WILL ORGANIZATIONS MITIGATE THESE RISKS? Increasing IT security spending 93% 56% 54% Overall increasing spending Much higher spending (highest of any country polled) Will increase data-at-rest spending Look for data security toolsets that offer services-based deployments, platforms, and automation that reduce usage and deployment complexity for an additional layer of protection for data. Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report 2018 THALES DATA THREAT REPORT INDIA EDITION 6

Not only did 75% of our respondents report that their organization had been breached in the past, but also over half (52%) reported a breach during the last 12 months. This is the highest rate encountered in all the countries surveyed. 7 2018 THALES DATA THREAT REPORT INDIA EDITION 7

ORGANIZATIONS NEED TO CHANGE HOW THEY PROTECT THEIR DATA Respondents report biggest spending increases in tools that no longer protect data effectively We found that respondents clearly recognize the defenses designed specifically for protecting data are the most effective tools for doing so. Data-at-rest and Data-in-motion defenses were rated as two of the top three tools for protecting data, with 90% responding that they were either very or extremely effective. Analysis and correlation tools, such as Security Information and Event Management (SIEM) or big data for security systems are also highly effective at helping to identify threats for data, and rated slightly higher at 91%. However, data-at-rest security tools, among the best methods for protecting data repositories, are not getting a high priority in spending increases. In fact, the data-at-rest defenses that are the most effective at protecting large data stores are the lowest priority for increases in IT security spending, with 54% increasing spending in this area the lowest of all our categories measured. At the same time, increases in IT security spending are greatest for endpoint (81%) defenses and network defenses also garnered spending increases of 59%, even as these tools are no longer wholly effective against attacks designed to compromise data. The combination of spear phishing with zero-day exploits available to criminal hackers makes it almost impossible to keep intruders away from critical data stores solely with network and endpoint-based security controls. As respondents recognize, the most effective solutions are security controls that provide an additional layer of protection directly around data sets, and to help identify attacks underway against data based on analytics such as data access patterns. Data-at-rest and data-in-motion security tools can reduce attack surfaces, and provide the information that analytics tools need to quickly find and stop attacks designed to mine critical data while in progress. Cloud computing also makes network security tools less relevant as increasingly infrastructure is no longer implemented within the four walls of the enterprise. When it comes to which defenses will garner the biggest planned spending increases, endpoint/mobile defenses rank at the top of spending plans (81%), while planned spending on the top-ranked defense data at rest is dead last (54%). Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report NOT PUTTING THEIR MONEY WHERE THEIR DATA IS Respondents report their organizations increasing spending the least on the most effective tools for protecting data Data at rest Data in motion defenses defenses 90% 54% 90% 63% Analysis & correlation tools 91% 64% Network defenses 87% 59% Endpoint & mobile device defenses 81% 81% Most effective but lowest spending increases 2018 THALES DATA THREAT REPORT INDIA EDITION 8

ENCRYPTION IS A CRITICAL TOOL FOR PROTECTING SENSITIVE DATA WHEREVER IT RESIDES Protects data in traditional data centers, cloud, big data, and wherever sensitive information is used or stored Good news. Not only did respondents in India identify that encryption technologies are the most effective way to protect data, but in spite of low spending levels, projects are underway to implement encryption for data protection at fairly high levels. Respondents identified that three of the top five data security tools planned this year are encryption technologies BYOK, enabling cloud-native encryption capabilities, tokenization and hardware security modules (HSMs). Last, 44% plan to encrypt data to meet global data privacy and sovereignty requirements. Encryption technologies are 3 of the top 5 data security tools that are being implemented this year: CREDIT CARD 1234 5678 9123 4567 73% Data masking 70% 64% Database/file encryption Cloud-native encryption capabilities 62% DLP 61% Identity and access management Encryption needed to drive digital transformation 53% 51% 48% 42% 38% Cloud: Cloud provider key management is the top tool needed for more cloud use IoT: Data security/ Encryption the top IT security tool needed to increase IoT usage Containers: Availability of encryption the top IT security tool needed to increase adoption Big Data: The top three tool needed for big data adoption encryption with access controls 30% Encryption is the top tool planned for use to meet global privacy regulations such as GDPR 51% Hardware Security Modules (HSMs) are the top data security tool planned for this year, but not yet implemented 9 2018 THALES DATA THREAT REPORT INDIA EDITION

With such shockingly high breach levels, it is not surprising that Indians feel far more vulnerable to security attacks than their peers around the globe, with 62% saying they feel either very or extremely vulnerable to attacks on sensitive data, compared with just 44% globally and 53% in the U.S. What s more, 37% in India feel extremely vulnerable, way above the global average of 21%. Only the U.S. is close at 30%. With increasingly porous networks, and expanding the use of external resources (SaaS, PaaS, and IaaS most especially) traditional endpoint and network security are no longer sufficient. When implemented as a part of the initial development (for ease of implementation versus retrofitting at a later date), data security offers increased protection to known and unknown sensitive data found within advanced technology environments. Look for data security toolsets that offer services-based deployments, platforms, and automation that reduce usage and deployment complexity for an additional layer of protection for data. Garrett Bekker, 451 Research Principal Analyst, Information Security Author of the 2018 Thales Data Threat Report 10

ENCRYPTION IS THE SOLUTION Encryption technologies are critical to protecting data at rest, in motion and in use. Encryption secures data to meet compliance requirements, best practices and privacy regulations. It s the only tool set that ensures the safety and control of data not only in the traditional data center, but also with the technologies used to drive the digital transformation of the enterprise. ABOUT THALES Thales esecurity is the leader in advanced data security solutions and services that deliver trust wherever information is created, shared or stored. We ensure that the data belonging to companies and government entities is both secure and trusted in any environment on-premises, in the cloud, in data centers or big data environments without sacrificing business agility. Security doesn t just reduce risk, it s an enabler of the digital initiatives that now permeate our daily lives digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance through encryption, advanced key management, tokenization, privileged user control and high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization s digital transformation. Thales esecurity is part of Thales Group. CLICK HERE TO TO READ THE FULL REPORT OUR SPONSORS GEOBRIDGE 11 2018 THALES DATA THREAT REPORT INDIA EDITION

2018 Thales

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback