IT Pros: Cloud Providers Shouldn't Turn Over Encrypted Data - InformationWeek

8/15/2016
08:05 AM

While some IT professionals believe that cloud computing vendors should turn over encrypted data to government agencies, 55% believe that it is not right, according to a new survey from CSA and Bitglass. The report also found that confidence in cloud vendor security is growing.


More than one in three IT professionals believe cloud providers should turn over encrypted data to the government when they are asked. However, a majority believe that these vendors should not cooperate, according to a Cloud Security Alliance (CSA) and Bitglass survey of 176 information security professionals.

More than a third (35%) of respondents reported that they believe cloud app vendors should be forced to provide government access to encrypted data, while slightly more than half (55%) noted that they are opposed.

The survey also found nearly two-thirds (64%) of US-based information security professionals are opposed to government cooperation, compared to only 42% of respondents in Europe, the Middle East, and Africa (EMEA).

In addition to those findings on encryption, businesses and their IT departments seem to lack visibility into their cloud infrastructure. Less than half (49%) of organizations even know basics such as where and when sensitive data is being downloaded.


Even more worrying is the fact that only about 28% have access into user logins, and a mere 29% have audit logs, although confidence in cloud vendors seems to be growing. Some 67% of respondents said they were moderately concerned or not at all concerned about their cloud application vendors being compromised.

"Since cloud apps are accessible from any device, anywhere, having robust identity management and access control is critical," Rich Campagna, vice president of products for Bitglass, told InformationWeek.

"Organizations must employ tools that provide the ability to identify and control suspicious logins, anomalous user activities, and unmanaged device access across all of their cloud applications."

The report also found that the deployment of cloud access security brokers (CASBs) is on the rise, with 60% of organizations having deployed or planning to deploy a CASB, and data leakage prevention cited as the most important capability.

Deployed between cloud apps and devices, CASBs provide data protection and visibility. They leverage features such as encryption, data loss prevention (DLP), and access control.

It should be noted that Bitglass does sell cloud security technology, including CASBs.

"Cloud access security brokers have become the go-to solution for closing security and compliance gaps in the public cloud," Campagna explained.


The report revealed most organizations have experienced some cloud security incident, with 59% related to unwanted external sharing and 47% involving access from unauthorized devices.

Among the other issues facing organizations and their IT security specialists are shadow IT threats -- information technology systems and solutions built and used inside organizations without explicit organizational approval.

The report found that few of the organizations surveyed have taken action to mitigate these threats. Only 29% of respondents said they use a proxy or firewall to redirect users.

"The ease with which employees can use unsanctioned shadow IT apps makes control difficult, with 62% using written policies according to our survey -- not at all effective in controlling usage," Campagna said. "In addition, 38% of respondents said they outright block applications, which tends to drive employees to work around IT, accessing these apps outside the corporate network."

He explained that discovery -- the ability to identify unsanctioned cloud usage and the risk profile of each application -- is the first step IT departments should take when tackling shadow IT issues.

"Organizations can then decide what to do, including secure and sanction, block, or redirect," Campagna said.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

Comments
Azathoth,
User Rank: Strategist
8/16/2016 | 9:15:14 AM
In my crystal ball I see
I see the government nationalizing all the cloud providers so that all your cloud storage is under government control. Anyway, you don't have anything to hide. Do you?