The research, which is based on a global survey of approximately 600 security and IT executives, found that while nearly three-quarters of IT professionals view data centre consolidation as important (75 percent EMEA; 73 percent NORAM; 63 percent APAC), more than half (51 percent) have no consolidation plans in place (46 percent EMEA; 49 percent NORAM; 71 percent APAC) and only a quarter have completed consolidation projects.
The survey results illustrate that security challenges, with regard to addressing encryption and key management needs, may be contributing factors to the slower progress in consolidation efforts, including moving workloads from physical machines to virtualised systems. Specifically, of those who view data centre consolidation as important, 62 percent said their biggest worry was losing control of cryptographic keys (68 percent EMEA; 65 percent NORAM; 59 percent APAC). This sentiment indicates that strong encryption and secure management of keys are critical prerequisites to data centre consolidation and cloud migration.
In fact, only one-fifth (21 percent) of respondents indicated that they are currently doing any encryption in their virtual environments (23 percent EMEA; 22 percent NORAM; 16 percent APAC). As well as encryption and managing cryptographic keys being technically challenging for IT professionals, these survey results also suggest that businesses do not have the required staffing levels in place to support a consolidation project. Nearly 60 percent of respondents said they had less than five people involved in encryption management globally. In addition, nearly one-third (27.5 percent) said they had more than 10 business applications that required encryption.
“The adoption of new technologies—such as big data, mobility, and cloud-based services—has pushed data centre consolidation to the top of the priority list for many businesses. Yet it is clear that security concerns combined with a lack of resources are hampering the progress of such transformations,” stated Prakash Panjwani, senior vice president and general manager, SafeNet.
“Any shift in infrastructure can be daunting for IT professionals, however with data now stored across a hybrid IT landscape—including on-premises, on mobile devices, and in the cloud—security teams need to move away from traditional approaches and adopt new encryption technologies that support today’s dynamic data centre and service provider environments,” Mr. Panjwani continued.
Looking specifically at current security processes for managing cryptographic keys, the research revealed that:
· Almost three-quarters (74 percent) have at least some encryption keys in software (74 percent EMEA; 76 percent NORAM; 69 percent APAC) – leaving the door open to attackers.
· Less than one in ten (8.3 percent) secure their keys solely in hardware (8 percent EMEA; 7 percent NORAM; 14 percent APAC).
· Just under one-fifth (18 percent) didn’t know where their keys were stored (17 percent EMEA; 16 percent NORAM; 17 percent APAC).
· Less than half of respondents (45.6 percent) manage cryptographic keys centrally (41 percent EMEA; 43 percent NORAM; 45 percent APAC). This sets the stage for inefficiency, overlapping efforts, inconsistent policy enforcement, and difficulty in auditing.
“Encrypted data is only as secure and available as the keys used to encrypt it, so businesses need to ensure they are getting their key management strategies right. By deploying a multi-layer encryption and centralised key management strategy, and leveraging hardware for key management and storage, organisations can accelerate their cloud, virtualisation, and consolidation initiatives while also retaining control over their sensitive data,” concluded Prakash Panjwani, SafeNet.