Security is still an afterthought when it comes to adopting new technologies, often taking a back seat amidst the rush to stake a claim in a promising new market. That is according to a survey by Vormetric, a data security product company. Its cloud, big data and Internet of Things (IoT) focused edition of the 2016 Vormetric Data Threat Report (DTR) was issued with analyst firm 451 Research.
Garrett Bekker, senior analyst, information security, at 451 Research and the author of the report said: “We found that enterprises are storing sensitive data in just these types of environments – 85 per cent in cloud, 50 per cent in big data, and 33 per cent in IoT. Many have strong concerns about the security of their data as a result.”
Storage of critical information within cloud and big data environments also continues to increase, adding to these concerns:
Cloud: 85 percent of respondents are using sensitive data in the cloud, up from 54 percent last year
Big Data: 50 percent are using sensitive data within big data implementations, up from 31 percent previously
Even as they move forward with adopting cloud services, and in some cases believe that cloud environments are more secure than their local IT infrastructure, enterprises remain concerned about the security of their information. When respondents were asked about the top data security concerns for cloud services:
70 percent (75 percent US) note security breaches / attacks at the service provider
66 percent (73 percent US) cite increased vulnerabilities from shared infrastructure
66 percent (70 percent US) call out lack of control over the location of data
65 percent (71 percent US) select lack of a data privacy policy or privacy service level agreement
For cloud service providers who want to grow their enterprise business, respondents cited four top changes that would increase their willingness to use cloud services:
48 percent (49 percent US) ask for encryption of data with enterprise key control on their premises
36 percent (35 percent US) desire detailed physical and IT security implementation information
35 percent (34 percent US) select encryption of their organisation’s data within the service provider’s infrastructure
27 percent (global and US) also want exposure of security monitoring data for their information.
According to the firm, this year enterprises seem to have realised that control and management of encryption keys is the critical link in securing their data in the cloud. Only 35 percent cite management of encryption keys by the cloud provider as a way to increase their usage of cloud, down from 53 percent last year.
Half of all respondents are planning to store sensitive information within big data environments (up from 31 per cent last year); big data environments have become a much greater concern for enterprises as a possible point of compromise, and as a focus for compliance efforts. Big data projects frequently rely on cloud-based service delivery, causing double jeopardy issues. For many organisations the threats found in cloud environments are then added to their concerns with big data.
Focus on IoT
Bekker said: “IoT promises to present a security hurdle of epic proportions.Given the vast amounts of data that could theoretically be generated by IoT devices and platforms, much of it sensitive in nature, enterprises would be well served to develop corporate policies that clearly delineate what will be collected, who will have access, how the data is used, and how long it will be retained.”
Though only a third of organisations expect to have sensitive data within IoT implementations, they have strong concerns about the safety of that information:
Protecting sensitive data generated by IoT (35pc)
Privacy violations (30pc)
Identifying which data is sensitive (29pc)
Privileged user access to IoT data and devices (28pc)
Attacks on IoT devices may impact critical operations (27pc)
Fueling these concerns is also the intersection of IoT with big data, which has the potential to create a new class of risks. This class of risks centres on the potential for privacy violations when large, seemingly innocuous IoT data sets are combined, or are analysed with other information.
Tina Stewart, VP of marketing for Vormetric, said: “As cloud, big data and IoT adoption accelerates, these technologies continue to bring new sets of unique risks to organisations. These risks are driven by the nature of these emerging technology solutions, and the breakneck speed at which new offerings are being developed. With the recent emergence of offerings that have increased data security options built in, or available through partners, service providers and offerings are gradually making available the security controls that enterprises need to meet regulatory and compliance obligations as well as other data security requirements. But there is still much work to be done.”
About the survey
Polling for the report features the responses of 1100 senior IT security executives at large enterprises worldwide. Results and research reports are available from Vormetric: http://www.vormetric.com/campaigns/datathreat/2016/.
Methodology
The data in this study is based on Web and phone interviews of 1114 senior executives in Australia, Brazil, Germany, Japan, the UK and the US.
