IT Pros: Cloud Providers Shouldn't Turn Over Encrypted Data - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

08:05 AM

IT Pros: Cloud Providers Shouldn't Turn Over Encrypted Data

While some IT professionals believe that cloud computing vendors should turn over encrypted data to government agencies, 55% believe that it is not right, according to a new survey from CSA and Bitglass. The report also found that confidence in cloud vendor security is growing.

9 Promising Cloud Security Startups To Watch
9 Promising Cloud Security Startups To Watch
(Click image for larger view and slideshow.)

More than one in three IT professionals believe cloud providers should turn over encrypted data to the government when they are asked. However, a majority believe that these vendors should not cooperate, according to a Cloud Security Alliance (CSA) and Bitglass survey of 176 information security professionals.

More than a third (35%) of respondents reported that they believe cloud app vendors should be forced to provide government access to encrypted data, while slightly more than half (55%) noted that they are opposed.

The survey also found nearly two-thirds (64%) of US-based information security professionals are opposed to government cooperation, compared to only 42% of respondents in Europe, the Middle East, and Africa (EMEA).

In addition to those finding on encryption, businesses and their IT departments seem to lack visibility into their cloud infrastructure. Less than half (49%) of organizations even know basics such as where and when sensitive data is being downloaded.

(Image: traffic_analyzer/iStockphoto)

(Image: traffic_analyzer/iStockphoto)

Even more worrying is the fact that only about 28% have access into user logins, and a mere 29% have audit logs, although confidence in cloud vendors seems to be growing. Some 67% of respondents said they were moderately concerned or not at all concerned about their cloud application vendors being compromised.

"Since cloud apps are accessible from any device, anywhere, having robust identity management and access control is critical," Rich Campagna, vice president of products for Bitglass, told InformationWeek.

"Organizations must employ tools that provide the ability to identify and control suspicious logins, anomalous user activities, and unmanaged device access across all of their cloud applications."

The report also found the deployment of cloud access security brokers (CASBs) are on the rise, with 60% of organizations having deployed or planning to deploy a CASB, with data leakage prevention cited as the most important capability.

Deployed between cloud apps and devices, CASBs provide data protection and visibility. They leverage features such as encryption, data loss prevention (DLP), and access control.

It should be noted that Bitglass does sell cloud security technology, including CASBs.

"Cloud access security brokers have become the go-to solution for closing security and compliance gaps in the public cloud," Campagna explained.

[Read more about the public cloud market.]

The report revealed most organizations have experienced some cloud security incident, with 59% related to unwanted external sharing and 47% involving access from unauthorized devices.

Among the other issues facing organizations and their IT security specialists are shadow IT threats -- information technology systems and solutions built and used inside organizations without explicit organizational approval.

The report found that few of the organizations surveyed have taken action to mitigate these threats. Only 29% of respondents said they use a proxy or firewall to redirect users.

"The ease with which employees can use unsanctioned shadow IT apps makes control difficult, with 62% using written policies according to our survey -- not at all effective in controlling usage," Campagna said. "In addition, 38% of respondents said they outright block applications, which tends to drive employees to work around IT, accessing these apps outside the corporate network."

He explained that discovery -- the ability to identify unsanctioned cloud usage and the risk profile of each application -- is the first step IT departments should take when tackling shadow IT issues.

"Organizations can then decide what to do, including secure and sanction, block, or redirect," Campagna said.

Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Blockchain Gets Real Across Industries
Lisa Morgan, Freelance Writer,  7/22/2021
Seeking a Competitive Edge vs. Chasing Savings in the Cloud
Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Monitoring Critical Cloud Workloads Report
In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
Flash Poll