Embed Size (px)
Citation preview
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
thalesesecuritycom
Executive Summary2019 Thales Data Threat Report Japan Edition
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Digital transformation is pervasive at Japanese enterprises ndash and is putting sensitive data at riskDigital transformation (DX) is increasing efficiency enabling new services and making possible new economies of scale for existing enterprises while also opening the door for new competitors IT security professionals at Japanese enterprises report that their organizations are moving quickly to adopt and deploy the fundamental technology building blocks used for digital transformation (Cloud SaaS applications big data IoT digital payments containers and blockchain) This change introduces new risks to sensitive data of all types ndash information protected by industry standards such as PCI DSS personally identifiable information protected by privacy regulations such as APPI financial data intellectual property and secrets
This yearrsquos Japan Edition of the Thales Data Threat Report found that 92 of respondents reported that their organizations are implementing DX technologies with sensitive data and that 42 are either aggressively disruptive in their usage of these technologies or are embedding digital capabilities that enable greater organizational agility
To a great extent many organizations seem to be indulging in a false sense of security when it comes to their data Respondents overwhelmingly believe that their DX implementations are safely deployed with 58 responding that they are either very or extremely secure But this belief does not seem to be well supported by their use of encryption for data-at-rest Data-at-rest encryption one of the fundamental controls needed to ensure that sensitive data is securely deployed is in use with less than 33 of implementations
One result is that organizations feel vulnerable to threats against their data with 80 reporting that their organizations are somewhat very or extremely vulnerable to data threats Reflecting the reality of higher levels of external attacks threat vectors have also changed with cybercriminals now identified as the greatest threat to data (70 of respondents)
2
Figure 1 ndash Sensitive data is pervasive in digital transformation environmentsSource 2019 Thales Data Threat Report Survey IDC November 2018
of respondents will use sensitive data with digital transformation technologies
of respondents are using encryption within these environments
33
92
or less
70
Cybercriminals
51
Cyberterrorists
49
Privileged users
41
Service provideraccounts
52
Partners withinternal access
Figure 2 ndash Top five accounts or threat actors that pose the greatest risk to dataSource 2019 Thales Data Threat Report Survey IDC November 2018
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
The reality of the multi-cloud agency creates new risks for sensitive dataData now constitutes the ldquocrown jewelsrdquo of most organizations as they transition into todayrsquos information economy making the protection of sensitive information a critical priority However digital transformation fundamentally changes where data needs to be protected and how it needs to be secured And the cloud is both the most complex of these environments and the most widely deployed
This yearrsquos data shows that cloud usage continues to proliferate rapidly 83 of all respondents said they plan to use all three of the common cloud environment types ndash Infrastructure as a Service (IaaS) Software as a Service (SaaS) and Platform as a Service (PaaS) ndash within 12 months Moreover these deployments wonrsquot be to just one vendor or one platform 45 report that they will use three or more IaaS environments 43 three or more PaaS environments and more than 62 that they will use eleven or more SaaS environments Overall 67 report that they will also use sensitive data within at least one of these cloud environments This level of multi-cloud usage greatly compounds the difficulties Japanese enterprises face in protecting their sensitive data as each environment and often each implementation within the environment can require a unique data security approach
Tools that reduce multi-cloud data security complexity are criticalWith multi-cloud use the complexity of managing controlling and monitoring data security across all of these environments becomes a critical problem As a result itrsquos not surprising that complexity was identified by 39 of respondents as a barrier to data security deployment Lack of staff at 47 was the top barrier Meanwhile organizations need to stretch their IT security budgets to cover not only internal security but multiple outside and edge environments So budget is a critical concern Analysis of this yearrsquos results showed that the percentage of enterprises in Japan increasing IT security held steady with measurements from last year 2019 ndash 53 2018 ndash 54 With increased complexity in data environments and funding increases holding steady enterprises will need to get the highest possible return from their IT resources and spending Data security platforms and service offerings that can help organizations manage the complexity of spanning cloud on-premises and other environments are critical to meeting these needs
Encryption technologies are the top tools neededEncryption and tokenization solutions provide some of the strongest protection in todayrsquos data threat environment and respondents seem to understand this Respondents chose data encryption at 34 as the second most important item needed to alleviate data security concerns for cloud environments behind SLAs and liability terms in case of a data breach at 36
3
Figure 3 ndash Top concerns and mitigationsSource 2019 Thales Data Threat Report Survey
IDC November 2018
44are worried about security breaches and attacks at the cloud provider
45recognize SaaS encryption with enterprise encryption key management as a top solution to SaaS data security problems
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Nearly half of Japanese enterprises encounter a data breachNot only are data breach rates high but heavy investments in IT and data security have not provided immunity
Therersquos a distressing pattern to the rates of data breaches identified Nearly half of all breached enterprises were breached in the last year and more than half of those breached in the last year have been breached previously The raw numbers show that 45 have been breached at some time in the past 21 were breached in the last year and 12 were breached both in the last year and previously
For many preventing data breaches is not an IT security spending priorityOne explanation for this may be the emphasis that enterprises are placing on their IT security spending priorities The results showed that avoiding data breaches and having previously encountered a data breach were two of the bottom three factors impacting IT security spending decisions What were the top IT security spending priorities Compliance and privacy requirements (47) followed by requirements from partners and customers (43) and increased use of cloud computing (39) If preventing data breaches isnrsquot a priority and threat levels continue to escalate it is no wonder breach rates continue to increase and that we find many serial data breach victims among enterprises in Japan (12)
A multi-layered approach to data security is requiredAs digital transformation expands the location number and type of threat vectors security solutions also need to be expanded and refocused to combat the problem Japanese respondents are at the back of the pack when it comes to expanding their focus from network security as a primary focus to adding equal focus to application and data security Today network security receives the largest share of security focus at 40 with application and data security at lower levels ndash 26 and 34 of focus respectively Making this shift wonrsquot be easy solutions in areas such as encryption and key management will need to shift to consolidated platforms that address multiple environments and use cases
4
Figure 4 ndash Number of cloud environmentsSource 2019 Thales Data Threat Report Survey IDC November 2018
Multi-cloud environments make the task of protecting sensitive data more complex
Number of cloud environments
IaaS PaaS SaaS
4 or more
2 or 3
1
4 or more
2 or 3
1
More than 100
26 - 100
1 - 25
Figure 5 ndash IT security spending increases declineSource 2019 Thales Data Threat Report SurveyIDC November 2018
With IT security spending increases remaining the same as in previous years the complexity of protecting data across multi-cloud environments leads to the need for data security platform and service solutions that can keep costs in line while reducing complexity
5354
2018 2019
Nearly half of Japanese enterprises encounter a data breach
Figure 6 ndash Data breach resistanceFew agencies are successfulSource 2019 Thales Data Threat Report SurveyIDC November 2018
45of Japanese enterprises encountered a data breach in the past with
breached in the last year
21
(ever) (in the last year)
(ever) (in the last year)
60 30
65 36
Global
US
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Regulatory and compliance changes introduce new challengesEnterprises in Japan must cope with not only industry specific guidelines for financial institutions and credit card processing that apply worldwide (such as PCI DSS) and Japanrsquos national data privacy law (APPI) but multinationals must also cope with global regulations such as GDPR in the European Union and over 100 other national privacy laws around the world In our survey 84 reported that they would be affected by these regulations
Respondents also identified compliance requirements as an area of concern for digital transformation environments especially for cloud big data and containers
bullCloud 34 are very or extremely concerned about meeting compliance requirements in public cloud environments
bullBig Data 38 are concerned about data privacy violations
bullContainers 37 are concerned about privacy violations from shared container resource use
As the complexity and number of compliance and regulatory requirements have increased so have Japanese organizationsrsquo failure rates when audited for implementation of these standards Results from our survey showed that while only 9 of respondents reported their enterprise had failed a data security compliance audit more than twelve months previously 18 ndash twice that number ndash failed a data security audit within the last year
For global enterprises that also operate outside of Japan the potential for substantial penalties and the requirements for detailed audits of data usage continue to increase around the world For instance the European Unionrsquos General Data Protection Regulation (GDPR) outlines potential fines of up to 4 of global sales As a result enterprises in Japan are taking steps to address these regulations Plans center around encryption and tokenization (an encryption technology) with the top selection being encryption at 31 with tokenization the second highest selection at 23
Encryption is a critical solution to data security problemsAs digital transformation results in a migration of data away from enterprisesrsquo traditional perimeters the solutions relied on in the past to protect data are no longer sufficient Fundamentally implementing digital transformation and especially cloud-based solutions and tools changes what needs to be protected and how it needs to be protected
Yet the data security stances of Japanese enterprises often seem stuck in the past As breach rates have increased across the board wersquove seen a consistent pattern in previous years of this report that IT security spending clusters around the areas that have protected networks and systems during many IT security professionalsrsquo careers
5
Preventing data breaches is not an IT security spending priority
Figure 7 ndash IT security spending prioritiesSource 2019 Thales Data Threat Report SurveyIDC November 2018
Complianceprivacy requirements
Requirements from partnerscustomers
Increased use ofcloud computing
Implementingbest practices
Competitivestrategic concerns
Reputation andbrand protection
Avoiding databreach penalties
Previous data breach
Executive directive
47
43
39
33
31
30
30
26
21
Figure 8 ndash Meeting compliance requirementsSource 2019 Thales Data Threat Report SurveyIDC November 2018
2019 2018 2017 2016
1st priority 4th priority
Meeting compliance requirements as anIT security spending priority has been atop priority for the last three years
will be affected by data privacy or sovereigntyregulations such as APPI and GDPR
How will they comply
84
Encryption technologies
Encryptingpersonal data
Tokenizing personal data (an encryption
technology)
Use local hostingand cloud providers
Move to compliance locations
54
31
23
18
12
47 59 66 30
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
For the most part these are network and end-point protections rather than the security tools that are best for protecting sensitive data-at-rest and data-in-motion Essentially organizations continue to protect against todayrsquos threats in the newest technology environments with yesterdayrsquos tools Change is required to protect sensitive data in todayrsquos IT landscape and encryption is the critical foundation technology required
Another key finding this year is that although organizations have strong plans for adopting data security technologies actual implementation rates are low When asked where encryption technologies are deployed today to protect not only cloud environments but also big data IoT containers mobile payments social media and blockchain results in every category were 33 or less At the same time 67 of respondents indicate using sensitive data in cloud environments and 30 or more using sensitive data with other digital transformation technologies (with blockchain a bit lower at 29) These results suggest that in spite of good intentions sensitive data within these environments may be at risk
Nevertheless enterprise IT security professionals we polled in Japan clearly understood whatrsquos needed to solve the problem When selecting the information security technologies that they most needed to expand their secure usage of these critical environments encryption was a top choice
bullFor Cloud Encryption was the second ranked top tool needed to enable more cloud use (34)
bullFor Containers 55 identified encryption as the top IT security tool needed to expand use
bullFor Big Data 40 selected system level encryption and access controls as a critical tool needed to alleviate security concerns
bullFor IoT Encryption was required to increase IoT use (38)
Data Security doesnrsquot have to be hard and is vitally importantOrganizations need to take a fresh look at how they provide data security Against this backdrop analysts recommend that security professionals consider the following
bullFocus on all threat vectors
bullInvest in modern hybrid and multi-cloud-based data security tools and measures that scale to modern architecture
bullLook for solutions that let you do more with less
bullPrioritize compliance and sovereignty issues
bullEncryption is an important part of the mix
6
Encryption technologies (Encryption and Tokenization) were identified as the primary strategy to address data privacy and regulatory concerns
54
Encryption is a key driver for increased adoption and usages of digitally transformative technologies
34
Cloud
Containers
40
Big data
38
IoT
55
Figure 9 ndash Encryption for Cloud Big Data IoTand Containers adoptionSource 2019 Thales Data Threat Report Survey IDCNovember 2018
Figure 10 ndash Encryption usage ratesSource 2019 Thales Data Threat Report Survey
IDC November 2018
Encryption usage rates in Japan are low
IoT
DC filevolume
Public cloud
DB ndash fieldcolumn
Big data
FDE in datacenters
ContainersDocker
Nativestorage (SAN)
Cloud native
33
32
32
26
25
24
22
18
17
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Digital transformation is pervasive at Japanese enterprises ndash and is putting sensitive data at riskDigital transformation (DX) is increasing efficiency enabling new services and making possible new economies of scale for existing enterprises while also opening the door for new competitors IT security professionals at Japanese enterprises report that their organizations are moving quickly to adopt and deploy the fundamental technology building blocks used for digital transformation (Cloud SaaS applications big data IoT digital payments containers and blockchain) This change introduces new risks to sensitive data of all types ndash information protected by industry standards such as PCI DSS personally identifiable information protected by privacy regulations such as APPI financial data intellectual property and secrets
This yearrsquos Japan Edition of the Thales Data Threat Report found that 92 of respondents reported that their organizations are implementing DX technologies with sensitive data and that 42 are either aggressively disruptive in their usage of these technologies or are embedding digital capabilities that enable greater organizational agility
To a great extent many organizations seem to be indulging in a false sense of security when it comes to their data Respondents overwhelmingly believe that their DX implementations are safely deployed with 58 responding that they are either very or extremely secure But this belief does not seem to be well supported by their use of encryption for data-at-rest Data-at-rest encryption one of the fundamental controls needed to ensure that sensitive data is securely deployed is in use with less than 33 of implementations
One result is that organizations feel vulnerable to threats against their data with 80 reporting that their organizations are somewhat very or extremely vulnerable to data threats Reflecting the reality of higher levels of external attacks threat vectors have also changed with cybercriminals now identified as the greatest threat to data (70 of respondents)
2
Figure 1 ndash Sensitive data is pervasive in digital transformation environmentsSource 2019 Thales Data Threat Report Survey IDC November 2018
of respondents will use sensitive data with digital transformation technologies
of respondents are using encryption within these environments
33
92
or less
70
Cybercriminals
51
Cyberterrorists
49
Privileged users
41
Service provideraccounts
52
Partners withinternal access
Figure 2 ndash Top five accounts or threat actors that pose the greatest risk to dataSource 2019 Thales Data Threat Report Survey IDC November 2018
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
The reality of the multi-cloud agency creates new risks for sensitive dataData now constitutes the ldquocrown jewelsrdquo of most organizations as they transition into todayrsquos information economy making the protection of sensitive information a critical priority However digital transformation fundamentally changes where data needs to be protected and how it needs to be secured And the cloud is both the most complex of these environments and the most widely deployed
This yearrsquos data shows that cloud usage continues to proliferate rapidly 83 of all respondents said they plan to use all three of the common cloud environment types ndash Infrastructure as a Service (IaaS) Software as a Service (SaaS) and Platform as a Service (PaaS) ndash within 12 months Moreover these deployments wonrsquot be to just one vendor or one platform 45 report that they will use three or more IaaS environments 43 three or more PaaS environments and more than 62 that they will use eleven or more SaaS environments Overall 67 report that they will also use sensitive data within at least one of these cloud environments This level of multi-cloud usage greatly compounds the difficulties Japanese enterprises face in protecting their sensitive data as each environment and often each implementation within the environment can require a unique data security approach
Tools that reduce multi-cloud data security complexity are criticalWith multi-cloud use the complexity of managing controlling and monitoring data security across all of these environments becomes a critical problem As a result itrsquos not surprising that complexity was identified by 39 of respondents as a barrier to data security deployment Lack of staff at 47 was the top barrier Meanwhile organizations need to stretch their IT security budgets to cover not only internal security but multiple outside and edge environments So budget is a critical concern Analysis of this yearrsquos results showed that the percentage of enterprises in Japan increasing IT security held steady with measurements from last year 2019 ndash 53 2018 ndash 54 With increased complexity in data environments and funding increases holding steady enterprises will need to get the highest possible return from their IT resources and spending Data security platforms and service offerings that can help organizations manage the complexity of spanning cloud on-premises and other environments are critical to meeting these needs
Encryption technologies are the top tools neededEncryption and tokenization solutions provide some of the strongest protection in todayrsquos data threat environment and respondents seem to understand this Respondents chose data encryption at 34 as the second most important item needed to alleviate data security concerns for cloud environments behind SLAs and liability terms in case of a data breach at 36
3
Figure 3 ndash Top concerns and mitigationsSource 2019 Thales Data Threat Report Survey
IDC November 2018
44are worried about security breaches and attacks at the cloud provider
45recognize SaaS encryption with enterprise encryption key management as a top solution to SaaS data security problems
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Nearly half of Japanese enterprises encounter a data breachNot only are data breach rates high but heavy investments in IT and data security have not provided immunity
Therersquos a distressing pattern to the rates of data breaches identified Nearly half of all breached enterprises were breached in the last year and more than half of those breached in the last year have been breached previously The raw numbers show that 45 have been breached at some time in the past 21 were breached in the last year and 12 were breached both in the last year and previously
For many preventing data breaches is not an IT security spending priorityOne explanation for this may be the emphasis that enterprises are placing on their IT security spending priorities The results showed that avoiding data breaches and having previously encountered a data breach were two of the bottom three factors impacting IT security spending decisions What were the top IT security spending priorities Compliance and privacy requirements (47) followed by requirements from partners and customers (43) and increased use of cloud computing (39) If preventing data breaches isnrsquot a priority and threat levels continue to escalate it is no wonder breach rates continue to increase and that we find many serial data breach victims among enterprises in Japan (12)
A multi-layered approach to data security is requiredAs digital transformation expands the location number and type of threat vectors security solutions also need to be expanded and refocused to combat the problem Japanese respondents are at the back of the pack when it comes to expanding their focus from network security as a primary focus to adding equal focus to application and data security Today network security receives the largest share of security focus at 40 with application and data security at lower levels ndash 26 and 34 of focus respectively Making this shift wonrsquot be easy solutions in areas such as encryption and key management will need to shift to consolidated platforms that address multiple environments and use cases
4
Figure 4 ndash Number of cloud environmentsSource 2019 Thales Data Threat Report Survey IDC November 2018
Multi-cloud environments make the task of protecting sensitive data more complex
Number of cloud environments
IaaS PaaS SaaS
4 or more
2 or 3
1
4 or more
2 or 3
1
More than 100
26 - 100
1 - 25
Figure 5 ndash IT security spending increases declineSource 2019 Thales Data Threat Report SurveyIDC November 2018
With IT security spending increases remaining the same as in previous years the complexity of protecting data across multi-cloud environments leads to the need for data security platform and service solutions that can keep costs in line while reducing complexity
5354
2018 2019
Nearly half of Japanese enterprises encounter a data breach
Figure 6 ndash Data breach resistanceFew agencies are successfulSource 2019 Thales Data Threat Report SurveyIDC November 2018
45of Japanese enterprises encountered a data breach in the past with
breached in the last year
21
(ever) (in the last year)
(ever) (in the last year)
60 30
65 36
Global
US
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Regulatory and compliance changes introduce new challengesEnterprises in Japan must cope with not only industry specific guidelines for financial institutions and credit card processing that apply worldwide (such as PCI DSS) and Japanrsquos national data privacy law (APPI) but multinationals must also cope with global regulations such as GDPR in the European Union and over 100 other national privacy laws around the world In our survey 84 reported that they would be affected by these regulations
Respondents also identified compliance requirements as an area of concern for digital transformation environments especially for cloud big data and containers
bullCloud 34 are very or extremely concerned about meeting compliance requirements in public cloud environments
bullBig Data 38 are concerned about data privacy violations
bullContainers 37 are concerned about privacy violations from shared container resource use
As the complexity and number of compliance and regulatory requirements have increased so have Japanese organizationsrsquo failure rates when audited for implementation of these standards Results from our survey showed that while only 9 of respondents reported their enterprise had failed a data security compliance audit more than twelve months previously 18 ndash twice that number ndash failed a data security audit within the last year
For global enterprises that also operate outside of Japan the potential for substantial penalties and the requirements for detailed audits of data usage continue to increase around the world For instance the European Unionrsquos General Data Protection Regulation (GDPR) outlines potential fines of up to 4 of global sales As a result enterprises in Japan are taking steps to address these regulations Plans center around encryption and tokenization (an encryption technology) with the top selection being encryption at 31 with tokenization the second highest selection at 23
Encryption is a critical solution to data security problemsAs digital transformation results in a migration of data away from enterprisesrsquo traditional perimeters the solutions relied on in the past to protect data are no longer sufficient Fundamentally implementing digital transformation and especially cloud-based solutions and tools changes what needs to be protected and how it needs to be protected
Yet the data security stances of Japanese enterprises often seem stuck in the past As breach rates have increased across the board wersquove seen a consistent pattern in previous years of this report that IT security spending clusters around the areas that have protected networks and systems during many IT security professionalsrsquo careers
5
Preventing data breaches is not an IT security spending priority
Figure 7 ndash IT security spending prioritiesSource 2019 Thales Data Threat Report SurveyIDC November 2018
Complianceprivacy requirements
Requirements from partnerscustomers
Increased use ofcloud computing
Implementingbest practices
Competitivestrategic concerns
Reputation andbrand protection
Avoiding databreach penalties
Previous data breach
Executive directive
47
43
39
33
31
30
30
26
21
Figure 8 ndash Meeting compliance requirementsSource 2019 Thales Data Threat Report SurveyIDC November 2018
2019 2018 2017 2016
1st priority 4th priority
Meeting compliance requirements as anIT security spending priority has been atop priority for the last three years
will be affected by data privacy or sovereigntyregulations such as APPI and GDPR
How will they comply
84
Encryption technologies
Encryptingpersonal data
Tokenizing personal data (an encryption
technology)
Use local hostingand cloud providers
Move to compliance locations
54
31
23
18
12
47 59 66 30
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
For the most part these are network and end-point protections rather than the security tools that are best for protecting sensitive data-at-rest and data-in-motion Essentially organizations continue to protect against todayrsquos threats in the newest technology environments with yesterdayrsquos tools Change is required to protect sensitive data in todayrsquos IT landscape and encryption is the critical foundation technology required
Another key finding this year is that although organizations have strong plans for adopting data security technologies actual implementation rates are low When asked where encryption technologies are deployed today to protect not only cloud environments but also big data IoT containers mobile payments social media and blockchain results in every category were 33 or less At the same time 67 of respondents indicate using sensitive data in cloud environments and 30 or more using sensitive data with other digital transformation technologies (with blockchain a bit lower at 29) These results suggest that in spite of good intentions sensitive data within these environments may be at risk
Nevertheless enterprise IT security professionals we polled in Japan clearly understood whatrsquos needed to solve the problem When selecting the information security technologies that they most needed to expand their secure usage of these critical environments encryption was a top choice
bullFor Cloud Encryption was the second ranked top tool needed to enable more cloud use (34)
bullFor Containers 55 identified encryption as the top IT security tool needed to expand use
bullFor Big Data 40 selected system level encryption and access controls as a critical tool needed to alleviate security concerns
bullFor IoT Encryption was required to increase IoT use (38)
Data Security doesnrsquot have to be hard and is vitally importantOrganizations need to take a fresh look at how they provide data security Against this backdrop analysts recommend that security professionals consider the following
bullFocus on all threat vectors
bullInvest in modern hybrid and multi-cloud-based data security tools and measures that scale to modern architecture
bullLook for solutions that let you do more with less
bullPrioritize compliance and sovereignty issues
bullEncryption is an important part of the mix
6
Encryption technologies (Encryption and Tokenization) were identified as the primary strategy to address data privacy and regulatory concerns
54
Encryption is a key driver for increased adoption and usages of digitally transformative technologies
34
Cloud
Containers
40
Big data
38
IoT
55
Figure 9 ndash Encryption for Cloud Big Data IoTand Containers adoptionSource 2019 Thales Data Threat Report Survey IDCNovember 2018
Figure 10 ndash Encryption usage ratesSource 2019 Thales Data Threat Report Survey
IDC November 2018
Encryption usage rates in Japan are low
IoT
DC filevolume
Public cloud
DB ndash fieldcolumn
Big data
FDE in datacenters
ContainersDocker
Nativestorage (SAN)
Cloud native
33
32
32
26
25
24
22
18
17
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
The reality of the multi-cloud agency creates new risks for sensitive dataData now constitutes the ldquocrown jewelsrdquo of most organizations as they transition into todayrsquos information economy making the protection of sensitive information a critical priority However digital transformation fundamentally changes where data needs to be protected and how it needs to be secured And the cloud is both the most complex of these environments and the most widely deployed
This yearrsquos data shows that cloud usage continues to proliferate rapidly 83 of all respondents said they plan to use all three of the common cloud environment types ndash Infrastructure as a Service (IaaS) Software as a Service (SaaS) and Platform as a Service (PaaS) ndash within 12 months Moreover these deployments wonrsquot be to just one vendor or one platform 45 report that they will use three or more IaaS environments 43 three or more PaaS environments and more than 62 that they will use eleven or more SaaS environments Overall 67 report that they will also use sensitive data within at least one of these cloud environments This level of multi-cloud usage greatly compounds the difficulties Japanese enterprises face in protecting their sensitive data as each environment and often each implementation within the environment can require a unique data security approach
Tools that reduce multi-cloud data security complexity are criticalWith multi-cloud use the complexity of managing controlling and monitoring data security across all of these environments becomes a critical problem As a result itrsquos not surprising that complexity was identified by 39 of respondents as a barrier to data security deployment Lack of staff at 47 was the top barrier Meanwhile organizations need to stretch their IT security budgets to cover not only internal security but multiple outside and edge environments So budget is a critical concern Analysis of this yearrsquos results showed that the percentage of enterprises in Japan increasing IT security held steady with measurements from last year 2019 ndash 53 2018 ndash 54 With increased complexity in data environments and funding increases holding steady enterprises will need to get the highest possible return from their IT resources and spending Data security platforms and service offerings that can help organizations manage the complexity of spanning cloud on-premises and other environments are critical to meeting these needs
Encryption technologies are the top tools neededEncryption and tokenization solutions provide some of the strongest protection in todayrsquos data threat environment and respondents seem to understand this Respondents chose data encryption at 34 as the second most important item needed to alleviate data security concerns for cloud environments behind SLAs and liability terms in case of a data breach at 36
3
Figure 3 ndash Top concerns and mitigationsSource 2019 Thales Data Threat Report Survey
IDC November 2018
44are worried about security breaches and attacks at the cloud provider
45recognize SaaS encryption with enterprise encryption key management as a top solution to SaaS data security problems
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Nearly half of Japanese enterprises encounter a data breachNot only are data breach rates high but heavy investments in IT and data security have not provided immunity
Therersquos a distressing pattern to the rates of data breaches identified Nearly half of all breached enterprises were breached in the last year and more than half of those breached in the last year have been breached previously The raw numbers show that 45 have been breached at some time in the past 21 were breached in the last year and 12 were breached both in the last year and previously
For many preventing data breaches is not an IT security spending priorityOne explanation for this may be the emphasis that enterprises are placing on their IT security spending priorities The results showed that avoiding data breaches and having previously encountered a data breach were two of the bottom three factors impacting IT security spending decisions What were the top IT security spending priorities Compliance and privacy requirements (47) followed by requirements from partners and customers (43) and increased use of cloud computing (39) If preventing data breaches isnrsquot a priority and threat levels continue to escalate it is no wonder breach rates continue to increase and that we find many serial data breach victims among enterprises in Japan (12)
A multi-layered approach to data security is requiredAs digital transformation expands the location number and type of threat vectors security solutions also need to be expanded and refocused to combat the problem Japanese respondents are at the back of the pack when it comes to expanding their focus from network security as a primary focus to adding equal focus to application and data security Today network security receives the largest share of security focus at 40 with application and data security at lower levels ndash 26 and 34 of focus respectively Making this shift wonrsquot be easy solutions in areas such as encryption and key management will need to shift to consolidated platforms that address multiple environments and use cases
4
Figure 4 ndash Number of cloud environmentsSource 2019 Thales Data Threat Report Survey IDC November 2018
Multi-cloud environments make the task of protecting sensitive data more complex
Number of cloud environments
IaaS PaaS SaaS
4 or more
2 or 3
1
4 or more
2 or 3
1
More than 100
26 - 100
1 - 25
Figure 5 ndash IT security spending increases declineSource 2019 Thales Data Threat Report SurveyIDC November 2018
With IT security spending increases remaining the same as in previous years the complexity of protecting data across multi-cloud environments leads to the need for data security platform and service solutions that can keep costs in line while reducing complexity
5354
2018 2019
Nearly half of Japanese enterprises encounter a data breach
Figure 6 ndash Data breach resistanceFew agencies are successfulSource 2019 Thales Data Threat Report SurveyIDC November 2018
45of Japanese enterprises encountered a data breach in the past with
breached in the last year
21
(ever) (in the last year)
(ever) (in the last year)
60 30
65 36
Global
US
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Regulatory and compliance changes introduce new challengesEnterprises in Japan must cope with not only industry specific guidelines for financial institutions and credit card processing that apply worldwide (such as PCI DSS) and Japanrsquos national data privacy law (APPI) but multinationals must also cope with global regulations such as GDPR in the European Union and over 100 other national privacy laws around the world In our survey 84 reported that they would be affected by these regulations
Respondents also identified compliance requirements as an area of concern for digital transformation environments especially for cloud big data and containers
bullCloud 34 are very or extremely concerned about meeting compliance requirements in public cloud environments
bullBig Data 38 are concerned about data privacy violations
bullContainers 37 are concerned about privacy violations from shared container resource use
As the complexity and number of compliance and regulatory requirements have increased so have Japanese organizationsrsquo failure rates when audited for implementation of these standards Results from our survey showed that while only 9 of respondents reported their enterprise had failed a data security compliance audit more than twelve months previously 18 ndash twice that number ndash failed a data security audit within the last year
For global enterprises that also operate outside of Japan the potential for substantial penalties and the requirements for detailed audits of data usage continue to increase around the world For instance the European Unionrsquos General Data Protection Regulation (GDPR) outlines potential fines of up to 4 of global sales As a result enterprises in Japan are taking steps to address these regulations Plans center around encryption and tokenization (an encryption technology) with the top selection being encryption at 31 with tokenization the second highest selection at 23
Encryption is a critical solution to data security problemsAs digital transformation results in a migration of data away from enterprisesrsquo traditional perimeters the solutions relied on in the past to protect data are no longer sufficient Fundamentally implementing digital transformation and especially cloud-based solutions and tools changes what needs to be protected and how it needs to be protected
Yet the data security stances of Japanese enterprises often seem stuck in the past As breach rates have increased across the board wersquove seen a consistent pattern in previous years of this report that IT security spending clusters around the areas that have protected networks and systems during many IT security professionalsrsquo careers
5
Preventing data breaches is not an IT security spending priority
Figure 7 ndash IT security spending prioritiesSource 2019 Thales Data Threat Report SurveyIDC November 2018
Complianceprivacy requirements
Requirements from partnerscustomers
Increased use ofcloud computing
Implementingbest practices
Competitivestrategic concerns
Reputation andbrand protection
Avoiding databreach penalties
Previous data breach
Executive directive
47
43
39
33
31
30
30
26
21
Figure 8 ndash Meeting compliance requirementsSource 2019 Thales Data Threat Report SurveyIDC November 2018
2019 2018 2017 2016
1st priority 4th priority
Meeting compliance requirements as anIT security spending priority has been atop priority for the last three years
will be affected by data privacy or sovereigntyregulations such as APPI and GDPR
How will they comply
84
Encryption technologies
Encryptingpersonal data
Tokenizing personal data (an encryption
technology)
Use local hostingand cloud providers
Move to compliance locations
54
31
23
18
12
47 59 66 30
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
For the most part these are network and end-point protections rather than the security tools that are best for protecting sensitive data-at-rest and data-in-motion Essentially organizations continue to protect against todayrsquos threats in the newest technology environments with yesterdayrsquos tools Change is required to protect sensitive data in todayrsquos IT landscape and encryption is the critical foundation technology required
Another key finding this year is that although organizations have strong plans for adopting data security technologies actual implementation rates are low When asked where encryption technologies are deployed today to protect not only cloud environments but also big data IoT containers mobile payments social media and blockchain results in every category were 33 or less At the same time 67 of respondents indicate using sensitive data in cloud environments and 30 or more using sensitive data with other digital transformation technologies (with blockchain a bit lower at 29) These results suggest that in spite of good intentions sensitive data within these environments may be at risk
Nevertheless enterprise IT security professionals we polled in Japan clearly understood whatrsquos needed to solve the problem When selecting the information security technologies that they most needed to expand their secure usage of these critical environments encryption was a top choice
bullFor Cloud Encryption was the second ranked top tool needed to enable more cloud use (34)
bullFor Containers 55 identified encryption as the top IT security tool needed to expand use
bullFor Big Data 40 selected system level encryption and access controls as a critical tool needed to alleviate security concerns
bullFor IoT Encryption was required to increase IoT use (38)
Data Security doesnrsquot have to be hard and is vitally importantOrganizations need to take a fresh look at how they provide data security Against this backdrop analysts recommend that security professionals consider the following
bullFocus on all threat vectors
bullInvest in modern hybrid and multi-cloud-based data security tools and measures that scale to modern architecture
bullLook for solutions that let you do more with less
bullPrioritize compliance and sovereignty issues
bullEncryption is an important part of the mix
6
Encryption technologies (Encryption and Tokenization) were identified as the primary strategy to address data privacy and regulatory concerns
54
Encryption is a key driver for increased adoption and usages of digitally transformative technologies
34
Cloud
Containers
40
Big data
38
IoT
55
Figure 9 ndash Encryption for Cloud Big Data IoTand Containers adoptionSource 2019 Thales Data Threat Report Survey IDCNovember 2018
Figure 10 ndash Encryption usage ratesSource 2019 Thales Data Threat Report Survey
IDC November 2018
Encryption usage rates in Japan are low
IoT
DC filevolume
Public cloud
DB ndash fieldcolumn
Big data
FDE in datacenters
ContainersDocker
Nativestorage (SAN)
Cloud native
33
32
32
26
25
24
22
18
17
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Nearly half of Japanese enterprises encounter a data breachNot only are data breach rates high but heavy investments in IT and data security have not provided immunity
Therersquos a distressing pattern to the rates of data breaches identified Nearly half of all breached enterprises were breached in the last year and more than half of those breached in the last year have been breached previously The raw numbers show that 45 have been breached at some time in the past 21 were breached in the last year and 12 were breached both in the last year and previously
For many preventing data breaches is not an IT security spending priorityOne explanation for this may be the emphasis that enterprises are placing on their IT security spending priorities The results showed that avoiding data breaches and having previously encountered a data breach were two of the bottom three factors impacting IT security spending decisions What were the top IT security spending priorities Compliance and privacy requirements (47) followed by requirements from partners and customers (43) and increased use of cloud computing (39) If preventing data breaches isnrsquot a priority and threat levels continue to escalate it is no wonder breach rates continue to increase and that we find many serial data breach victims among enterprises in Japan (12)
A multi-layered approach to data security is requiredAs digital transformation expands the location number and type of threat vectors security solutions also need to be expanded and refocused to combat the problem Japanese respondents are at the back of the pack when it comes to expanding their focus from network security as a primary focus to adding equal focus to application and data security Today network security receives the largest share of security focus at 40 with application and data security at lower levels ndash 26 and 34 of focus respectively Making this shift wonrsquot be easy solutions in areas such as encryption and key management will need to shift to consolidated platforms that address multiple environments and use cases
4
Figure 4 ndash Number of cloud environmentsSource 2019 Thales Data Threat Report Survey IDC November 2018
Multi-cloud environments make the task of protecting sensitive data more complex
Number of cloud environments
IaaS PaaS SaaS
4 or more
2 or 3
1
4 or more
2 or 3
1
More than 100
26 - 100
1 - 25
Figure 5 ndash IT security spending increases declineSource 2019 Thales Data Threat Report SurveyIDC November 2018
With IT security spending increases remaining the same as in previous years the complexity of protecting data across multi-cloud environments leads to the need for data security platform and service solutions that can keep costs in line while reducing complexity
5354
2018 2019
Nearly half of Japanese enterprises encounter a data breach
Figure 6 ndash Data breach resistanceFew agencies are successfulSource 2019 Thales Data Threat Report SurveyIDC November 2018
45of Japanese enterprises encountered a data breach in the past with
breached in the last year
21
(ever) (in the last year)
(ever) (in the last year)
60 30
65 36
Global
US
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Regulatory and compliance changes introduce new challengesEnterprises in Japan must cope with not only industry specific guidelines for financial institutions and credit card processing that apply worldwide (such as PCI DSS) and Japanrsquos national data privacy law (APPI) but multinationals must also cope with global regulations such as GDPR in the European Union and over 100 other national privacy laws around the world In our survey 84 reported that they would be affected by these regulations
Respondents also identified compliance requirements as an area of concern for digital transformation environments especially for cloud big data and containers
bullCloud 34 are very or extremely concerned about meeting compliance requirements in public cloud environments
bullBig Data 38 are concerned about data privacy violations
bullContainers 37 are concerned about privacy violations from shared container resource use
As the complexity and number of compliance and regulatory requirements have increased so have Japanese organizationsrsquo failure rates when audited for implementation of these standards Results from our survey showed that while only 9 of respondents reported their enterprise had failed a data security compliance audit more than twelve months previously 18 ndash twice that number ndash failed a data security audit within the last year
For global enterprises that also operate outside of Japan the potential for substantial penalties and the requirements for detailed audits of data usage continue to increase around the world For instance the European Unionrsquos General Data Protection Regulation (GDPR) outlines potential fines of up to 4 of global sales As a result enterprises in Japan are taking steps to address these regulations Plans center around encryption and tokenization (an encryption technology) with the top selection being encryption at 31 with tokenization the second highest selection at 23
Encryption is a critical solution to data security problemsAs digital transformation results in a migration of data away from enterprisesrsquo traditional perimeters the solutions relied on in the past to protect data are no longer sufficient Fundamentally implementing digital transformation and especially cloud-based solutions and tools changes what needs to be protected and how it needs to be protected
Yet the data security stances of Japanese enterprises often seem stuck in the past As breach rates have increased across the board wersquove seen a consistent pattern in previous years of this report that IT security spending clusters around the areas that have protected networks and systems during many IT security professionalsrsquo careers
5
Preventing data breaches is not an IT security spending priority
Figure 7 ndash IT security spending prioritiesSource 2019 Thales Data Threat Report SurveyIDC November 2018
Complianceprivacy requirements
Requirements from partnerscustomers
Increased use ofcloud computing
Implementingbest practices
Competitivestrategic concerns
Reputation andbrand protection
Avoiding databreach penalties
Previous data breach
Executive directive
47
43
39
33
31
30
30
26
21
Figure 8 ndash Meeting compliance requirementsSource 2019 Thales Data Threat Report SurveyIDC November 2018
2019 2018 2017 2016
1st priority 4th priority
Meeting compliance requirements as anIT security spending priority has been atop priority for the last three years
will be affected by data privacy or sovereigntyregulations such as APPI and GDPR
How will they comply
84
Encryption technologies
Encryptingpersonal data
Tokenizing personal data (an encryption
technology)
Use local hostingand cloud providers
Move to compliance locations
54
31
23
18
12
47 59 66 30
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
For the most part these are network and end-point protections rather than the security tools that are best for protecting sensitive data-at-rest and data-in-motion Essentially organizations continue to protect against todayrsquos threats in the newest technology environments with yesterdayrsquos tools Change is required to protect sensitive data in todayrsquos IT landscape and encryption is the critical foundation technology required
Another key finding this year is that although organizations have strong plans for adopting data security technologies actual implementation rates are low When asked where encryption technologies are deployed today to protect not only cloud environments but also big data IoT containers mobile payments social media and blockchain results in every category were 33 or less At the same time 67 of respondents indicate using sensitive data in cloud environments and 30 or more using sensitive data with other digital transformation technologies (with blockchain a bit lower at 29) These results suggest that in spite of good intentions sensitive data within these environments may be at risk
Nevertheless enterprise IT security professionals we polled in Japan clearly understood whatrsquos needed to solve the problem When selecting the information security technologies that they most needed to expand their secure usage of these critical environments encryption was a top choice
bullFor Cloud Encryption was the second ranked top tool needed to enable more cloud use (34)
bullFor Containers 55 identified encryption as the top IT security tool needed to expand use
bullFor Big Data 40 selected system level encryption and access controls as a critical tool needed to alleviate security concerns
bullFor IoT Encryption was required to increase IoT use (38)
Data Security doesnrsquot have to be hard and is vitally importantOrganizations need to take a fresh look at how they provide data security Against this backdrop analysts recommend that security professionals consider the following
bullFocus on all threat vectors
bullInvest in modern hybrid and multi-cloud-based data security tools and measures that scale to modern architecture
bullLook for solutions that let you do more with less
bullPrioritize compliance and sovereignty issues
bullEncryption is an important part of the mix
6
Encryption technologies (Encryption and Tokenization) were identified as the primary strategy to address data privacy and regulatory concerns
54
Encryption is a key driver for increased adoption and usages of digitally transformative technologies
34
Cloud
Containers
40
Big data
38
IoT
55
Figure 9 ndash Encryption for Cloud Big Data IoTand Containers adoptionSource 2019 Thales Data Threat Report Survey IDCNovember 2018
Figure 10 ndash Encryption usage ratesSource 2019 Thales Data Threat Report Survey
IDC November 2018
Encryption usage rates in Japan are low
IoT
DC filevolume
Public cloud
DB ndash fieldcolumn
Big data
FDE in datacenters
ContainersDocker
Nativestorage (SAN)
Cloud native
33
32
32
26
25
24
22
18
17
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
Regulatory and compliance changes introduce new challengesEnterprises in Japan must cope with not only industry specific guidelines for financial institutions and credit card processing that apply worldwide (such as PCI DSS) and Japanrsquos national data privacy law (APPI) but multinationals must also cope with global regulations such as GDPR in the European Union and over 100 other national privacy laws around the world In our survey 84 reported that they would be affected by these regulations
Respondents also identified compliance requirements as an area of concern for digital transformation environments especially for cloud big data and containers
bullCloud 34 are very or extremely concerned about meeting compliance requirements in public cloud environments
bullBig Data 38 are concerned about data privacy violations
bullContainers 37 are concerned about privacy violations from shared container resource use
As the complexity and number of compliance and regulatory requirements have increased so have Japanese organizationsrsquo failure rates when audited for implementation of these standards Results from our survey showed that while only 9 of respondents reported their enterprise had failed a data security compliance audit more than twelve months previously 18 ndash twice that number ndash failed a data security audit within the last year
For global enterprises that also operate outside of Japan the potential for substantial penalties and the requirements for detailed audits of data usage continue to increase around the world For instance the European Unionrsquos General Data Protection Regulation (GDPR) outlines potential fines of up to 4 of global sales As a result enterprises in Japan are taking steps to address these regulations Plans center around encryption and tokenization (an encryption technology) with the top selection being encryption at 31 with tokenization the second highest selection at 23
Encryption is a critical solution to data security problemsAs digital transformation results in a migration of data away from enterprisesrsquo traditional perimeters the solutions relied on in the past to protect data are no longer sufficient Fundamentally implementing digital transformation and especially cloud-based solutions and tools changes what needs to be protected and how it needs to be protected
Yet the data security stances of Japanese enterprises often seem stuck in the past As breach rates have increased across the board wersquove seen a consistent pattern in previous years of this report that IT security spending clusters around the areas that have protected networks and systems during many IT security professionalsrsquo careers
5
Preventing data breaches is not an IT security spending priority
Figure 7 ndash IT security spending prioritiesSource 2019 Thales Data Threat Report SurveyIDC November 2018
Complianceprivacy requirements
Requirements from partnerscustomers
Increased use ofcloud computing
Implementingbest practices
Competitivestrategic concerns
Reputation andbrand protection
Avoiding databreach penalties
Previous data breach
Executive directive
47
43
39
33
31
30
30
26
21
Figure 8 ndash Meeting compliance requirementsSource 2019 Thales Data Threat Report SurveyIDC November 2018
2019 2018 2017 2016
1st priority 4th priority
Meeting compliance requirements as anIT security spending priority has been atop priority for the last three years
will be affected by data privacy or sovereigntyregulations such as APPI and GDPR
How will they comply
84
Encryption technologies
Encryptingpersonal data
Tokenizing personal data (an encryption
technology)
Use local hostingand cloud providers
Move to compliance locations
54
31
23
18
12
47 59 66 30
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
For the most part these are network and end-point protections rather than the security tools that are best for protecting sensitive data-at-rest and data-in-motion Essentially organizations continue to protect against todayrsquos threats in the newest technology environments with yesterdayrsquos tools Change is required to protect sensitive data in todayrsquos IT landscape and encryption is the critical foundation technology required
Another key finding this year is that although organizations have strong plans for adopting data security technologies actual implementation rates are low When asked where encryption technologies are deployed today to protect not only cloud environments but also big data IoT containers mobile payments social media and blockchain results in every category were 33 or less At the same time 67 of respondents indicate using sensitive data in cloud environments and 30 or more using sensitive data with other digital transformation technologies (with blockchain a bit lower at 29) These results suggest that in spite of good intentions sensitive data within these environments may be at risk
Nevertheless enterprise IT security professionals we polled in Japan clearly understood whatrsquos needed to solve the problem When selecting the information security technologies that they most needed to expand their secure usage of these critical environments encryption was a top choice
bullFor Cloud Encryption was the second ranked top tool needed to enable more cloud use (34)
bullFor Containers 55 identified encryption as the top IT security tool needed to expand use
bullFor Big Data 40 selected system level encryption and access controls as a critical tool needed to alleviate security concerns
bullFor IoT Encryption was required to increase IoT use (38)
Data Security doesnrsquot have to be hard and is vitally importantOrganizations need to take a fresh look at how they provide data security Against this backdrop analysts recommend that security professionals consider the following
bullFocus on all threat vectors
bullInvest in modern hybrid and multi-cloud-based data security tools and measures that scale to modern architecture
bullLook for solutions that let you do more with less
bullPrioritize compliance and sovereignty issues
bullEncryption is an important part of the mix
6
Encryption technologies (Encryption and Tokenization) were identified as the primary strategy to address data privacy and regulatory concerns
54
Encryption is a key driver for increased adoption and usages of digitally transformative technologies
34
Cloud
Containers
40
Big data
38
IoT
55
Figure 9 ndash Encryption for Cloud Big Data IoTand Containers adoptionSource 2019 Thales Data Threat Report Survey IDCNovember 2018
Figure 10 ndash Encryption usage ratesSource 2019 Thales Data Threat Report Survey
IDC November 2018
Encryption usage rates in Japan are low
IoT
DC filevolume
Public cloud
DB ndash fieldcolumn
Big data
FDE in datacenters
ContainersDocker
Nativestorage (SAN)
Cloud native
33
32
32
26
25
24
22
18
17
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
For the most part these are network and end-point protections rather than the security tools that are best for protecting sensitive data-at-rest and data-in-motion Essentially organizations continue to protect against todayrsquos threats in the newest technology environments with yesterdayrsquos tools Change is required to protect sensitive data in todayrsquos IT landscape and encryption is the critical foundation technology required
Another key finding this year is that although organizations have strong plans for adopting data security technologies actual implementation rates are low When asked where encryption technologies are deployed today to protect not only cloud environments but also big data IoT containers mobile payments social media and blockchain results in every category were 33 or less At the same time 67 of respondents indicate using sensitive data in cloud environments and 30 or more using sensitive data with other digital transformation technologies (with blockchain a bit lower at 29) These results suggest that in spite of good intentions sensitive data within these environments may be at risk
Nevertheless enterprise IT security professionals we polled in Japan clearly understood whatrsquos needed to solve the problem When selecting the information security technologies that they most needed to expand their secure usage of these critical environments encryption was a top choice
bullFor Cloud Encryption was the second ranked top tool needed to enable more cloud use (34)
bullFor Containers 55 identified encryption as the top IT security tool needed to expand use
bullFor Big Data 40 selected system level encryption and access controls as a critical tool needed to alleviate security concerns
bullFor IoT Encryption was required to increase IoT use (38)
Data Security doesnrsquot have to be hard and is vitally importantOrganizations need to take a fresh look at how they provide data security Against this backdrop analysts recommend that security professionals consider the following
bullFocus on all threat vectors
bullInvest in modern hybrid and multi-cloud-based data security tools and measures that scale to modern architecture
bullLook for solutions that let you do more with less
bullPrioritize compliance and sovereignty issues
bullEncryption is an important part of the mix
6
Encryption technologies (Encryption and Tokenization) were identified as the primary strategy to address data privacy and regulatory concerns
54
Encryption is a key driver for increased adoption and usages of digitally transformative technologies
34
Cloud
Containers
40
Big data
38
IoT
55
Figure 9 ndash Encryption for Cloud Big Data IoTand Containers adoptionSource 2019 Thales Data Threat Report Survey IDCNovember 2018
Figure 10 ndash Encryption usage ratesSource 2019 Thales Data Threat Report Survey
IDC November 2018
Encryption usage rates in Japan are low
IoT
DC filevolume
Public cloud
DB ndash fieldcolumn
Big data
FDE in datacenters
ContainersDocker
Nativestorage (SAN)
Cloud native
33
32
32
26
25
24
22
18
17
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
Executive Summary ndash 2019 Thales Data Threat Report Japan Edition
To download the full 2019 Thales Data Threat Report Japan Edition visit ThalesesecuritycomDTR-Japan
2019DataThreat
Our Sponsors
Todayrsquos enterprises depend on the cloud data and software in order to make decisive decisions Thatrsquos why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created shared or stored ndash from the cloud and data centers to devices and across networks Our solutions enable organizations to move to the cloud securely achieve compliance with confidence and create more value from their software in devices and services used by millions of consumers every day
About Thales Cloud Protection amp Licensing
About the 2019 Thales Data Threat Report ndash Japan Edition
7
This report is based on a global survey of 1200 executives with responsibility for or influence over IT and data security from nine countries and a range of industries with a primary emphasis on healthcare financial services retail and federal government organizations Job titles range from C-level executives including CEO CFO Chief Data Officer CISO Chief Data Scientist and Chief Risk Officer to SVPVP IT Administrator Security Analyst Security Engineer and Systems Administrator Respondents represent a broad range of organizational sizes with the majority ranging from 500 to 10000 employees The survey was conducted in November 2018
The report focuses on the findings from 100 Japanese respondents providing comparisons and contrast to respondents from other regional markets For global roll-up findings and analysis please see wwwthalesesecuritycomdtr
thalesesecuritycomDTR-Japan
2019DataThreat
thalesesecuritycomDTR-Japan
2019DataThreat
