IT Pros: Cloud Providers Shouldn't Turn Over Encrypted Data - InformationWeek
08:05 AM

IT Pros: Cloud Providers Shouldn't Turn Over Encrypted Data

While some IT professionals believe that cloud computing vendors should turn over encrypted data to government agencies, 55% believe that it is not right, according to a new survey from CSA and Bitglass. The report also found that confidence in cloud vendor security is growing.

9 Promising Cloud Security Startups To Watch
9 Promising Cloud Security Startups To Watch
(Click image for larger view and slideshow.)

More than one in three IT professionals believe cloud providers should turn over encrypted data to the government when they are asked. However, a majority believe that these vendors should not cooperate, according to a Cloud Security Alliance (CSA) and Bitglass survey of 176 information security professionals.

More than a third (35%) of respondents reported that they believe cloud app vendors should be forced to provide government access to encrypted data, while slightly more than half (55%) noted that they are opposed.

The survey also found nearly two-thirds (64%) of US-based information security professionals are opposed to government cooperation, compared to only 42% of respondents in Europe, the Middle East, and Africa (EMEA).

In addition to those finding on encryption, businesses and their IT departments seem to lack visibility into their cloud infrastructure. Less than half (49%) of organizations even know basics such as where and when sensitive data is being downloaded.

(Image: traffic_analyzer/iStockphoto)

(Image: traffic_analyzer/iStockphoto)

Even more worrying is the fact that only about 28% have access into user logins, and a mere 29% have audit logs, although confidence in cloud vendors seems to be growing. Some 67% of respondents said they were moderately concerned or not at all concerned about their cloud application vendors being compromised.

"Since cloud apps are accessible from any device, anywhere, having robust identity management and access control is critical," Rich Campagna, vice president of products for Bitglass, told InformationWeek.

"Organizations must employ tools that provide the ability to identify and control suspicious logins, anomalous user activities, and unmanaged device access across all of their cloud applications."

The report also found the deployment of cloud access security brokers (CASBs) are on the rise, with 60% of organizations having deployed or planning to deploy a CASB, with data leakage prevention cited as the most important capability.

Deployed between cloud apps and devices, CASBs provide data protection and visibility. They leverage features such as encryption, data loss prevention (DLP), and access control.

It should be noted that Bitglass does sell cloud security technology, including CASBs.

"Cloud access security brokers have become the go-to solution for closing security and compliance gaps in the public cloud," Campagna explained.

[Read more about the public cloud market.]

The report revealed most organizations have experienced some cloud security incident, with 59% related to unwanted external sharing and 47% involving access from unauthorized devices.

Among the other issues facing organizations and their IT security specialists are shadow IT threats -- information technology systems and solutions built and used inside organizations without explicit organizational approval.

The report found that few of the organizations surveyed have taken action to mitigate these threats. Only 29% of respondents said they use a proxy or firewall to redirect users.

"The ease with which employees can use unsanctioned shadow IT apps makes control difficult, with 62% using written policies according to our survey -- not at all effective in controlling usage," Campagna said. "In addition, 38% of respondents said they outright block applications, which tends to drive employees to work around IT, accessing these apps outside the corporate network."

He explained that discovery -- the ability to identify unsanctioned cloud usage and the risk profile of each application -- is the first step IT departments should take when tackling shadow IT issues.

"Organizations can then decide what to do, including secure and sanction, block, or redirect," Campagna said.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
8/16/2016 | 9:15:14 AM
In my crystal ball I see
I see the government nationalizing all the cloud providers so that all your cloud storage is under government contol.  Anyway, you don't have anything to hide.  Do you?
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Register for InformationWeek Newsletters
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll