The hospitality industry uses more encryption than do governments. So does the leisure industry and also the transportation sector. The public sector, in fact, ranks sixth for use of encryption, according to a survey of security practitioners in seven countries. The survey was sponsored by Thales e-Security, the data protection arm of the Paris-based defense giant.
Credit: Thales e-Security
At the same time, estimated total spending on encryption by all sectors grew by 2.5 percent from 2011 to 2012, one of the biggest jumps in the eight years the survey has been conducted.
Thales released the “2012 Global Encryption Trends Study” today. The Ponemon Institute of Traverse City, Mich., surveyed 4,205 individuals on Thales’ behalf.
The spending figures were particularly interesting to Thales: “This last year we saw one of the biggest hikes in budgets that we’ve seen for the last seven years or so,” said Thales e-Security’s Richard Moulds, vice president of product strategy.
In 2011, businesses and governments spent 15.1 percent of their information technology security budget on encryption. The number jumped to 17.6 in 2012.
As for the public sector's low ranking, Moulds suspects it's because more governments are requiring credit card information to be encrypted wherever it resides or flows within an organization. Ironically, that pushes those governments below "such security hotspots as hospitality and leisure."
Perhaps most significantly, the study shows that encryption strategies – once the purview of IT managers – are increasingly being set at higher levels.
“In the U.S., this was the first year that business centric managers” in government and private businesses “became the primary responsibility for writing the encryption strategy,” he said.
That means protecting data through encryption is becoming a bigger deal, he said.
“Most other security technologies out there, whether it’s identity management or intrusion detection, or whatever it might be, are pretty much constrained to the security group and IT group. But encryption seems to be different because it’s tied so squarely to public policy, public privacy laws, information disclosure, data disclosure acts,” Moulds said.