While most top IT executives at companies of all sizes continue to express concern about the security of data in the cloud, that hasn't slowed their move to embrace this new infrastructure as a home for corporate data. A new survey and report reveal their top security nightmares and provide some recommendations about how to protect data in the cloud.
The Internet of Things (IoT) generates a lot of data, which organizations can store in the cloud. But how are they keeping it all safe?
Many companies are realizing they face this challenge and are ramping up efforts to improve data security as they embrace new platforms, including IoT and cloud-based applications, according to a recent survey conducted by 451 Research.
The survey, sponsored by data and cloud security vendor Vormetric, polled 1,114 senior IT executives, representing companies ranging from $50 million to more than $2 billion in annual sales.
More than 80% of respondents said they plan to store data in "new technology environments," defined as cloud, big data, or IoT. Of those, the vast majority (85%) said they were "concerned" or "very concerned" about security in the cloud.
Over half of all respondents voiced similar concerns about the security of big data, while more than a third (36%) said that protecting IoT data was a major concern.
Still, report author and 451 Research senior analyst Garrett Bekker said in a prepared statement that security is an afterthought "when it comes to adopting new technologies, often taking a back seat amidst the rush to stake a claim in a promising new market."
The 451 Research survey showed that clients see encryption as one solution to guarantee cloud security. By a three-to-two margin, clients preferred to manage their own encryption keys, the survey said.
"Encryption got a bad rap in the past 40 years," said Sol Cates, chief security officer at Vormetric, in an interview with InformationWeek. It was perceived as slow and complicated. "How do you apply it without breaking anything?" he asked.
Early adopters of encryption were paranoid, or sensitive and paranoid, or aware of regulatory compliance, Cates noted. All these factors may have impeded the wide implementation of encryption as a security solution. But attitudes have shifted again, as companies now seek encryption solutions. As more data is collected by organizations, the C-suite is experiencing more concern over its security. Customers also expect their data to be kept safe, Cates explained.
That collection of data is growing exponentially, as gigabytes pile into terabytes, finally adding up to petabytes. Do you protect it all?
"Don't try to encrypt or protect everything," Cates said. Companies have to identify the 10% to 20% of data that is absolutely crucial. "If we lose this, we're done," is how Cates described this category.
The burden rests on the chief security officer, who must understand the business in order to understand the value of the data and what is most important to protect, Cates explained. That person must be able to communicate that understanding in the same language used by the various departments in that business, he added. The CSO must do more than share statistics; the CSO must share understanding.
Parting of the Cloud
Encryption isn't the only technology undergoing a major shift. Security was once a factor that made companies reluctant to move their data to the cloud, sometimes opting for hybrid solutions where the "crown jewels" would remain on-premises.
"Something is shifting there," Cates said, as companies now pursue cloud-based solutions. "A lot of organizations started on the cloud," he said, while established companies are becoming comfortable once they've gained more control over their data environment. Cloud providers want no liability for storing client data, which pushes the responsibility for security back to the client, he added.
Forecasts and Recommendations
451 Research predicts encryption and security policy management will be part of all future cloud deployments, with encryption deployed either natively or via a third-party solution. Clients will find their best options for cloud security after sorting through internal policies, industry best practices, and compliance mandates.
For big data, 451 Research recommends finding broad-based encryption and access controls that can cover traditional as well as big data repositories.
When it comes to the Internet of Things, the report suggests that clients focus on device authentication and access controls, as well as encrypting data as it flows from the device to the database.
William Terdoslavich is an experienced writer with a working understanding of business, information technology, airlines, politics, government, and history, having worked at Mobile Computing & Communications, Computer Reseller News, Tour and Travel News, and Computer Systems ...