**Why is encrypting data in motion across networks so important now?**
Data is constantly moving between data centers, headquarters, branch offices, cloud environments, and remote users. That network infrastructure is effectively your on‑ramp to doing business, so if data in motion is not protected, it becomes a prime target.
Recent Thales research with IT and cybersecurity decision‑makers shows several gaps:
- Only 9% of enterprises believe they have a proactive cybersecurity strategy that keeps up with evolving threats.
- Just 58% of organizations say they encrypt their data in motion.
- 69% rely on firewalls or IPsec to protect network data in motion, often assuming that public and private networks are secure when they are not.
Firewalls are important, but they do not protect unencrypted data if an attacker gets past the perimeter. IPsec, a 25‑year‑old protocol, was not designed for today’s high‑bandwidth networks and can force you to compromise on both performance and security.
With more data moving over unsecured networks due to cloud adoption and hybrid work, encrypting data in motion with dedicated, purpose‑built network data encryption solutions helps you:
- Reduce the risk of unauthorized access and data breaches.
- Meet growing regulatory and data breach notification requirements.
- Support digital transformation initiatives, including multi‑cloud and remote access, without exposing sensitive information.
In short, if your business depends on the network, your security strategy needs to treat data in motion as a first‑class risk area, not an afterthought.
**Are firewalls and IPsec enough to secure our network data in motion?**
Firewalls and IPsec are valuable, but the survey data suggests they are often over‑relied on and misunderstood when it comes to protecting data in motion.
Key findings from the Thales cybersecurity survey:
- 69% of respondents rely on firewalls or IPsec to protect network data in motion, often unaware of the security and performance limitations of those tools.
- Many organizations assume that public and private networks are secure, even though data frequently flows unencrypted.
Some of the limitations highlighted include:
- Firewalls focus on controlling access and blocking attacks at the perimeter; they do not protect unencrypted data if a breach occurs inside the network.
- IPsec was not designed for modern high‑bandwidth environments, which can lead to performance bottlenecks.
- Common trade-offs accepted with these approaches include open access, no automated key rotation, and no active tamper response.
- Around 70% of organizations depend on frequent, time‑consuming software patches to keep older solutions up to date, which can disrupt business operations.
Dedicated, purpose‑built network data encryption solutions are designed to:
- Provide strong, consistent encryption for data in motion across diverse network types.
- Automate key management and rotation, reducing operational risk.
- Separate security duties from network operations, which 85% of survey respondents view as important for maximum data protection.
If you are relying solely on firewalls and IPsec, it is worth reassessing whether they align with your bandwidth, performance, and risk requirements, and whether a dedicated encryption layer would give you more predictable protection and simpler compliance.
**How should we prepare for emerging trends like SDN and post‑quantum cryptography?**
Many network and security teams recognize that their current tools were built for yesterday’s networks, not for SDN, multi‑cloud, and future post‑quantum threats. The Thales survey notes that most organizations are aware of these trends but lack the time and strategy to address them.
Here are practical steps to start preparing:
1. **Modernize your approach to data in motion encryption**
Move away from fragmented, ad‑hoc encryption and toward dedicated, purpose‑built network data encryption solutions that can integrate with SDN and virtualized environments. This helps you:
- Maintain consistent protection as traffic patterns change.
- Support DevSecOps practices, so security works with, not against, business agility.
2. **Strengthen key management and separation of duties**
The survey shows that:
- 86% of respondents understand that securing encryption keys is critical.
- 85% value a clear separation of duties between security and network operations.
Integrated Hardware Security Modules (HSMs) and centralized key management can help you:
- Protect keys used for network encryption and application security.
- Enforce clear roles and responsibilities, which supports compliance and reduces insider risk.
3. **Start planning for post‑quantum cryptography now**
Although large‑scale quantum attacks are projected to be a few years away, the guidance is to start planning today. Thales recommends:
- Taking a post‑quantum risk assessment to understand where you are exposed.
- Identifying critical systems and data that require long‑term confidentiality, since encrypted traffic recorded today could be decrypted once such attacks become practical.
- Building a roadmap to migrate to post‑quantum‑resistant algorithms as standards mature.
4. **Leverage industry research and best‑practice guides**
Thales provides resources such as:
- The Thales Data Threat Reports (including a Financial Services edition) for insights into global and sector‑specific risks.
- The CyberSecurity Survey on data in motion weaknesses.
- Guides on API security, CIAM, access management, and software licensing.
Using these, you can benchmark your posture against peers, refine your risk management strategy, and reimagine how encryption, access management, and licensing fit into your broader digital transformation.
By taking these steps now, you position your organization to handle SDN, multi‑cloud, and post‑quantum changes with less disruption and more predictable security outcomes.