The Internet of Things (IoT) generates a lot of data, which organizations can store in the cloud. But how are they keeping it all safe?
Many companies are realizing they face this challenge and are ramping up efforts to improve data security as they embrace new platforms, including IoT and cloud-based applications, according to a recent survey conducted by 451 Research.
The survey, sponsored by data and cloud security vendor Vormetric, polled 1,114 senior IT executives, representing companies ranging from $50 million to more than $2 billion in annual sales.
[What's the Apple vs. FBI fight over the encrypted and secured iPhone all about? Read Tim Cook vs. FBI: Why Apple Is Fighting the Good Fight.]
More than 80% of respondents said they plan to store data in "new technology environments," defined as cloud, big data, or IoT. Of those, the vast majority (85%) said they were "concerned" or "very concerned" about security in the cloud.
Over half of all respondents voiced similar concerns about the security of big data, while more than a third (36%) said that protecting IoT data was a major concern.
Still, report author and 451 Research senior analyst Garrett Bekker, said in a prepared statement that security is an afterthought "when it comes to adopting new technologies, often taking a back seat amidst the rush to stake a claim in a promising new market."
The 451 Research survey showed that clients see encryption as one solution to guarantee cloud security. By a three-to-two margin, clients preferred to manage their own encryption keys, the survey said.
"Encryption got a bad rap in the past 40 years," said Sol Cates, chief security officer at Vormetric, in an interview with InformationWeek. It was perceived as slow and complicated. "How do you apply it without breaking anything?" he asked.
Early adopters of encryption were paranoid, or sensitive and paranoid, or aware of regulatory compliance, Cates noted. All these factors may have impeded the wide implementation of encryption as a security solution. But attitudes have shifted again, as companies now seek encryption solutions. As more data is collected by organizations, the C-suite is experiencing more concern over its security. Customers also expect their data to be kept safe, Cates explained.
That collection of data is growing exponentially, as gigabytes pile into terabytes, finally adding up to petabytes. Do you protect it all?
"Don't try to encrypt or protect everything," Cates said. Companies have to identify the 10% to 20% of data that is absolutely crucial. "If we lose this, we're done," is how Cates described this category.
The burden rests on the chief security officer, who must understand the business in order to understand the value of the data and what is most important to protect, Cates explained. That person must be able to communicate that understanding in the same language used by the various departments in that business, he added. The CSO must do more than share statistics; the CSO must share understanding.
Parting of the Cloud
Encryption isn't the only technology undergoing a major shift. Security was once a factor that made companies reluctant to move their data to the cloud, sometimes opting for hybrid solutions where the "crown jewels" would remain on-premises.
"Something is shifting there," Cates said, as companies now pursue cloud-based solutions. "A lot of organizations started on the cloud," he said, while established companies are becoming comfortable once they've gained more control over their data environment. Cloud providers want no liability for storing client data, which pushes the responsibility for security back to the client, he added.
Forecasts and Recommendations
451 Research predicts encryption and security policy management will be part of all future cloud deployment, with encryption deployed either natively or via a third-party solution. Clients will find their best options for cloud security after sorting through internal policies, industry best practices, and compliance mandates.
For big data, 451 Research recommends finding broad-based encryption and access controls that can cover traditional as well as big data repositories.
When it comes to the Internet of Things, the report suggests that clients focus on device authentication and access controls, as well as encrypting data as it flows from the device to the database.