Authored By: Kieran Hernon, Vice President for Digital Identity, Entrust APAC & EMEA
The past year alone saw businesses across the globe rapidly embrace digital transformation and accelerate migration to the cloud to meet the demands of remote and contactless work. Now, more than a year into the pandemic and remote working, organisations must refine their approach to digital security to fill the vulnerability gaps caused by new technologies.
A key pillar in this approach is cryptography, which helps organisations protect their customers and employees, financial records and intellectual property as data proliferates across devices and systems. While the number of enterprise-wide encryption strategies has increased over the last decade, global adoption remains sub-par at a mere 50%. The report also points to Southeast Asia (SEA) with an encryption adoption rate of 36% — below the abovementioned global average, signalling a potential for organisations to leapfrog the global index with advanced cryptography practices.
With the average cost of a breach in SEA being US$2.71 million per organisation, the vulnerabilities resulting from an absence of crypto-grade encryption are clear. While introducing new technology into the enterprise has never been for the faint of heart — particularly when the solutions have the potential to radically change the way an organisation delivers its capabilities — encryption and cryptography remain among the most important tools that businesses in the region can adopt in securing important data assets.
Strengthening the case for adoption with a CryptoCoE
Technology adoption challenges arise when enterprise teams do not fully establish the connection between the new technologies and their immediate strategic value to the business.
In the case of encryption adoption, this is where a well-defined cryptographic centre of excellence (CryptoCoE) can play a role. A CryptoCoE — which can be described as a capability centre with the aim of boosting operational crypto with proven tools and expertise — can provide meaningful insights and best practices throughout the organisation’s adoption of crypto.
In fact, Gartner posits that such CoEs can help businesses focus and align their current resources and expertise around a specific capability to accomplish and sustain world-class performance and value. For enterprises looking to board the crypto-encryption train, the pooling of experts and resources within the CryptoCoE helps ensure that cryptographic instances are in line with modern-day threats and compliant with the latest standards and regulations.
Leveraging CryptoCoE to unlock digital agility
With technology constantly evolving, and hackers along with it, no organisation should ever rest on its laurels when it comes to protecting its data. Secure as its data may be today, it will eventually be breached if an enterprise does not approach its security strategy as an iterative process that evolves alongside the environment and business needs.
Cyber threats are growing in sophistication, and organisations need to develop mature management of cryptography, which includes developing an agile response plan that can adapt to evolving regulations, security threats and internal changes. A CryptoCoE can shift enterprises from a position of reactivity to crypto agility by establishing and enabling a comprehensive crypto management strategy and providing company-wide training and resources for teams not as familiar with the technology.
This allows enterprises to rapidly adapt crypto tactics without making significant changes to the crypto infrastructure, which is useful not only in the face of threats and breaches but also when compliance or internal governance requirements change. With a CryptoCoE in place, transitioning to the latest encryption requirements can be done seamlessly and quickly, without compromising any sensitive information throughout the chain of trust.
Balancing the risks to reap the rewards
Establishing a CryptoCoE may seem like an additional project or cost, and justifying the return on investment (ROI) on such a team can be challenging.
The truth is, it can be near impossible to calculate the repercussions of unknown risks and how security measures factor in. Aside from lost revenue resulting from a data breach or system downtime, organisations can only estimate the damaging impact to their company’s reputation. Furthermore, as breaches become more of an everyday occurrence, companies can no longer keep to an ‘if it’s not broken, don’t try to fix it’ mentality. When disruptions such as COVID-19 and other major breaches occur, these are the same companies that get left behind.
Prioritising a crypto strategy will ensure that businesses are able to mitigate threats and operate with minimal interruption. If executed well, a CryptoCoE is well worth the effort and costs to ensure business continuity, enhance data security and, most importantly, strengthen consumers’ trust.