Security concerns are preventing businesses from unlocking the potential benefits of data center consolidation and cloud services, according to research from data protection company SafeNet Inc.
The research, which is based on a survey of approximately 600 security and IT executives worldwide, found that while nearly three-quarters of IT professionals view data center consolidation as important (63% to 75%, depending on geographical area), just over half (51%) have no consolidation plans in place and only a quarter have completed consolidation projects.
The survey results illustrate that security challenges, with regard to addressing encryption and key management needs, may be contributing factors to the slower progress in consolidation efforts, including moving workloads from physical machines to virtualized systems.
Specifically, of those who view data center consolidation as important, 62% said their biggest worry was losing control of cryptographic keys. This sentiment indicates that strong encryption and secure management of keys are critical prerequisites to data-center consolidation and cloud migration.
In fact, only one-fifth (21%) of respondents indicated that they are currently doing any encryption in their virtual environments. As well as encryption and managing cryptographic keys being technically challenging for IT professionals, these survey results also suggest that businesses do not have the required staffing levels in place to support a consolidation project. Nearly 60% of respondents said they had less than five people involved in encryption management globally. In addition, nearly one-third (27.5%) said they had more than ten business applications that required encryption.
"The adoption of new technologies—such as big data, mobility, and cloud-based services—has pushed data center consolidation to the top of the priority list for many businesses. Yet it is clear that security concerns combined with a lack of resources are hampering the progress of such transformations," says Prakash Panjwani, senior vice president and general manager, SafeNet.
"Any shift in infrastructure can be daunting for IT professionals, however with data now stored across a hybrid IT landscape—including on-premises, on mobile devices, and in the cloud—security teams need to move away from traditional approaches and adopt new encryption technologies that support today’s dynamic data center and service provider environments," he says.
Looking specifically at current security processes for managing cryptographic keys, the research revealed that:
- Almost three-quarters (74%) have at least some encryption keys in software, leaving the door open to attackers.
- Less than one in ten (8.3%) secure their keys solely in hardware.
- Just under one-fifth (18%) didn’t know where their keys were stored.
- Less than half of respondents (45.6%) manage cryptographic keys centrally. This sets the stage for inefficiency, overlapping efforts, inconsistent policy enforcement, and difficulty in auditing.
"Encrypted data is only as secure and available as the keys used to encrypt it, so businesses need to ensure they are getting their key management strategies right. By deploying a multilayer encryption and centralized key management strategy, and leveraging hardware for key management and storage, organizations can accelerate their cloud, virtualization, and consolidation initiatives while also retaining control over their sensitive data," says Panjwani.