Regional companies have shifted from an ad-hoc, incident-driven approach to encryption towards a more holistic risk-based approach, said Sebastien Pavie, director for MEA sales at encryption provider Gemalto.
“Before it was more like ‘my CEO’s lost his laptop at the airport, let’s do laptop encryption’, or ‘I need to be PCI compliant as a bank, let’s encrypt those credit card numbers in the database’,” he said on the situation just a few years ago.
“But now security professionals in this region have really taken a step back and thought about where their sensitive data is, what sort of encryption they’re using, and having central crypto- and key-management in place – because otherwise it’s going to end up in tears again,” Pavie added.
He said companies had also woken up to the need to include key management from the start of an encryption project: “There has been a change – if you went back three, four, five years ago, I saw instances where customers had started to use PKI or encryption and were losing their keys on a regular basis. They were calling our tech support to see if we can help – and we really can’t. If you haven’t backed up your keys, you need to re-key everything.
“I think organisations have come to realise that key management is almost the starting point,” said Pavie.
Click below to share this article
