The survey results illustrate that security challenges, with regard to addressing encryption and key management needs, may be contributing factors to the slower progress in consolidation efforts, including moving workloads from physical machines to virtualized systems. Specifically, of those who view data center consolidation as important, 62 percent said their biggest worry was losing control of cryptographic keys (68 percent EMEA; 65 percent NORAM; 59 percent APAC). This sentiment indicates that strong encryption and secure management of keys are critical prerequisites to data center consolidation and cloud migration.
In fact, only one-fifth (21 percent) of respondents indicated that they are currently doing any encryption in their virtual environments (23 percent EMEA; 22 percent NORAM; 16 percent APAC). As well as encryption and managing cryptographic keys being technically challenging for IT professionals, these survey results also suggest that businesses do not have the required staffing levels in place to support a consolidation project. Nearly 60 percent of respondents said they had less than five people involved in encryption management globally. In addition, nearly one-third (27.5 percent) said they had more than 10 business applications that required encryption.
Looking specifically at current security processes for managing cryptographic keys, the research revealed that:
- Almost three-quarters (74 percent) have at least some encryption keys in software (74 percent EMEA; 76 percent NORAM; 69 percent APAC) – leaving the door open to attackers.
- Less than one in ten (8.3 percent) secure their keys solely in hardware (8 percent EMEA; 7 percent NORAM; 14 percent APAC).
- Just under one-fifth (18 percent) didn't know where their keys were stored (17 percent EMEA; 16 percent NORAM; 17 percent APAC).
- Less than half of respondents (45.6 percent) manage cryptographic keys centrally (41 percent EMEA; 43 percent NORAM; 45 percent APAC). This sets the stage for inefficiency, overlapping efforts, inconsistent policy enforcement, and difficulty in auditing.