Survey Suggests Trust in the Cloud is Slowly Increasing

Share

Related Links

  • Lieberman Software
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories

News

Survey Suggests Trust in the Cloud is Slowly Increasing

27 March 2014

A survey of almost 300 IT security professionals at RSA 2014 shows that trust in cloud security has increased slightly over the last 15 months – but not by very much. By February 2014 the number of professionals who prefer to keep sensitive corporate data within their own network had fallen from 86% (November 2012) to 80%.

But more surprising, the fear of specific government snooping has fallen from 48% (pre-Snowden revelations) to just 30% (post-Snowden). These figures appear to be counterintuitive. While trust in the cloud remains low and has improved only 6 points, trust in the government appears to have improved 18 points.

One possible cause might be that revelations about the extent of NSA snooping might have quantified a pre-existing but nebulous fear. Security professionals have always been aware that the Patriot Act allowed, and was being used, to provide government access to cloud data – but they did not know to what extent or for what purpose. 

“The fact that the government is snooping within our IT environments and on our phone calls isn’t a big revelation," explains Calum MacLeod, VP of EMEA for Lieberman Software (the firm that conducted the survey), "and when the NSA scandal broke it should not have come as a big surprise to those who work in the security industry. Government surveillance has been around for a very long time and unless you’re doing something against the law it shouldn’t be a concern."

It is possible, then, that consistent government protestations that the NSA does not engage in commercial espionage may have reassured some professionals; who have then been further reassured by generally improving cloud security. "Security professionals realize that the major cloud service providers offer very comprehensive security," continued MacLeod, "and ultimately their willingness to invest in technology to protect their clients probably offers a more secure environment than off-shoring companies, particularly in India who seem to think that everything can be solved with cheap labor.”

Be that as it may, it remains that almost a third of security professionals distrust the cloud primarily because of government snooping, and who are not reassured by NSA explanations. The implication here is that many companies simply do not believe that the NSA does not engage in commercial espionage, and that they are therefore concerned over the privacy of their commercial secrets.

"Industrial espionage is important to major economies," MacLeod suggested to Infosecurity, "and especially countries like China because it is viewed as a method of levelling the playing field by adopting a strategy that neutralizes the enemy without direct confrontation. In fact," he continued, "if the NSA is not involved in industrial espionage, they’re either extremely naïve or being economical with the truth."

MacLeod suggests that government industrial espionage is a matter of course. "How did the US government become aware of bankers and businesses that were involved in breaking embargoes with Iraq unless somebody was watching?" This constant watch can then become a concern for future business. Consider the possible ramifications over the current troubles in Crimea. Different countries have different laws and attitudes. What are the ramifications, he asks, "for a business that legitimately supplies products to Russia from their own country, and their future ability to continue to do business in the US?"

But he stressed that this concern should be applied to all and any government snooping, and not just the NSA. "It's not simply the NSA," he warned, "and undue focus on NSA snooping simply makes the industrial espionage of other governments easier."

As if to prove his point, Le Monde reported last week that the French intelligence agency has complete and unfettered access to all of telecommunications giant Orange's customer metadata. The DGSE and agents with military clearance have been working with Orange, formerly known as France Telecom, "for at least 30 years", said Le Monde. "According to GCHQ [via a document from the Snowden files], the DGSE and the French incumbent work together to improve the national interception networks communication skills and work together to break the encryption of data flowing through the network. France Telecom is a major player in the surveillance system in France."

This article is featured in:
Cloud Computing

 

Comments

sureshkrishnan says:

28 March 2014
Interesting details emerging from the report. Most organizations move to cloud technology as it is cost effective and offers numerous other benefits such as ubiquitous access, however organizations should also be wary of the security risks of moving to the cloud. Organization can ensure security and privacy of data by using encryption and other security tools, other methods such as regulating access and effectively managing vendors/outsourcing partners with controls such as SOC can employed to protect assets on the cloud. I work for McGladrey and there’s a whitepaper on the website that aligns well with this article that was created on this subject, readers will be interested in it. @ “Managing cloud risks with service organization controls”  http://bit.ly/1a2LQnE

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×