Top Trends in Data Security: Takeaways from the 2021 Thales Data Report

How has the COVID-19 pandemic affected data security?

We’ve seen firsthand numerous immediate impacts, and we also know that many longer-term ones are still playing out. But understanding exactly what these shifts look like across the board is critical to charting the best path forward.

That was the premise behind the Keyfactor sponsored 2021 Thales Data Threat Report, which surveyed more than 2,600 security professionals and executive leaders about everything from COVID-19 and work-from-home strategies to quantum computing.

Here are some of the most notable takeaways.

The pandemic ushered in new ways of working, many of which organizations plan to continue at least to some extent going forward. Most notably, it shifted remote work from the exception to the norm and accelerated cloud migrations. These shifts have directly impacted security strategies and initially caught many organizations off-guard. 

In fact, 46% of respondents said their security infrastructure was not prepared to handle the range of risks associated with the new business environment brought on by the pandemic.

Nearly two-thirds of organizations expect to make an increase in remote working a permanent trend. But many organizations were not prepared for this type of environment in March 2020.

Specifically, 82% of respondents expressed concerns about giving employees remote access to systems at the start of the pandemic. Digging deeper reveals these concerns might have stemmed from the methods used to manage remote work, which was primarily VPN (60%) and virtual desktop infrastructure (56%). Neither of these more traditional approaches offers granular control to effectively secure and manage the diverse needs that come from having an entire employee population work remotely.

Organizations have already made great strides to address this challenge. Going forward, the primary access methods organizations plan to use are Zero Trust network access/software-defined perimeter (44%) and cloud-based access management (42%). These more modern approaches give security teams more flexibility and context to authenticate users on an as-needed basis.

The shift to the cloud was already underway and the pandemic only accelerated that momentum, with 33% of respondents rating infrastructure/cloud as their most important investment for the coming year.

The biggest challenge most organizations faced in this area over the past year was properly securing sensitive data in the cloud through the use of encryption. Specifically, 83% of respondents said that less than 50% of their sensitive data stored in the cloud was encrypted. This is not surprising given that nearly half of respondents said managing privacy and data protection regulations in the cloud was more complex than doing so on-premise.

Organizations still need to make progress in this area, but the fact that security professionals recognize these risks and are increasing investments accordingly is a promising start.

The report argues that the ultimate measure of security comes down to an organization’s ability to protect against breaches. An important piece of this includes understanding what potential threats look like going forward; however, that viewpoint revealed a major disconnect based on organizational role.

Practitioners, who typically deal directly with the impacts of an attack, were more likely to perceive there would be an increase in threats going forward than those in executive roles, who are usually more removed from the day-to-day (56% of practitioners perceived an increase in threats vs. 46% of executives).

This should be a big point of awareness for executives, as it’s essential to make sure that they are not under-investing in secure practices to protect against potential increases in attacks going forward. One of the best places to start is for executives to take steps that can help increase their understanding of the threats practitioners see on a daily basis.

Nearly half of respondents indicated concerns about the arrival of quantum computing and its potential to break current cryptographic approaches, which can lead to serious security risks.

The fact that quantum computing is top of mind for so many organizations reveals that the long-expected arrival of quantum computing is finally on the horizon and that many leaders are trying to plan ahead — perhaps to avoid getting caught off-guard like they did with the shifts in working styles at the onset of the pandemic.

One of the best ways organizations can prepare for the arrival of quantum computing is to improve crypto-agility, for example by evaluating and starting to introduce post-quantum cryptographic techniques.

Finally, the survey found that even though encryption/key management ranked second in spending priorities, respondents ranked encryption as the most effective option for protecting sensitive data.

These responses represent a misalignment that needs correction. Organizations should give serious thought to increasing their investments in encryption given the effectiveness of this approach in protecting sensitive data. This is especially the case in light of the fact that unencrypted data is a known area of weakness as organizations continue to accelerate cloud migrations.

Effectively strengthening encryption requires introducing a strong program for key management that can scale alongside the growing identities each organization has. This means security leaders should look beyond homegrown systems and spreadsheets to introduce more agile and centralized systems that can enforce policies in a highly flexible, efficient and consistent way, all at the speed required by modern DevOps teams.

What else is on the horizon for organizational data security? What are the biggest trends keeping security professionals up at night and where are most organizations prioritizing their investments? Download the 2021 Thales Data Report to get the full details.