Survey Suggests Trust in the Cloud is Slowly Increasing

Share

Related Links

  • Lieberman Software
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • UK Hospital Records Stored in Google Cloud and Used By Marketing Firm
    New concerns over the possible use of patient health information in care.data (an amalgamation of both hospital and GP records into a single database due to go live in the autumn) have been raised following revelations that existing hospital records have been stored in Google cloud, and bought and used by a marketing company.
  • RSA Conference 2014: Qualys Adds Cloud-based Continuous Monitoring and Web App Firewall
    At this week's RSA Conference in San Francisco, Qualys has unveiled a pair of new security offerings meant to enhance companies’ cloud security profiles. Continuous monitoring capability is the most recent addition to its QualysGuard Cloud Platform, while QualysGuard Web Application Firewall (WAF) service is for web applications running in Amazon EC2 and on-premise.
  • CSA Summit 2014: Using the Cloud to Protect Critical Infrastructure
    By the end of 2014, more than half of all computing workloads will be processed by cloud based-services, based on data provided by Trend Micro’s JD Sherry. With much US-based critical infrastructure being operated by the private sector, there are both security risks and opportunities through leveraging the cloud
  • RSA Conference 2014 Q&A: Jim Reavis, CEO, Cloud Security Alliance
    Drew Amorosi sits down with Jim Reavis, co-founder and CEO of the non-profit Cloud Security Alliance (CSA), on day two of the RSA Conference in San Francisco, as the two discuss the growth of cloud services, its security issues, and the CSA’s Software Defined Perimeter (SDP) initiative
  • Public Cloud Sharing Tools Are a Primary Security Risk
    Organizations consider public cloud sharing tools as a primary security risk according to a survey of IT professionals conducted by Axway and Ponemon Institute.

Top 5 Stories

News

Survey Suggests Trust in the Cloud is Slowly Increasing

27 March 2014

A survey of almost 300 IT security professionals at RSA 2014 shows that trust in cloud security has increased slightly over the last 15 months – but not by very much. By February 2014 the number of professionals who prefer to keep sensitive corporate data within their own network had fallen from 86% (November 2012) to 80%.

But more surprising, the fear of specific government snooping has fallen from 48% (pre-Snowden revelations) to just 30% (post-Snowden). These figures appear to be counterintuitive. While trust in the cloud remains low and has improved only 6 points, trust in the government appears to have improved 18 points.

One possible cause might be that revelations about the extent of NSA snooping might have quantified a pre-existing but nebulous fear. Security professionals have always been aware that the Patriot Act allowed, and was being used, to provide government access to cloud data – but they did not know to what extent or for what purpose. 

“The fact that the government is snooping within our IT environments and on our phone calls isn’t a big revelation," explains Calum MacLeod, VP of EMEA for Lieberman Software (the firm that conducted the survey), "and when the NSA scandal broke it should not have come as a big surprise to those who work in the security industry. Government surveillance has been around for a very long time and unless you’re doing something against the law it shouldn’t be a concern."

It is possible, then, that consistent government protestations that the NSA does not engage in commercial espionage may have reassured some professionals; who have then been further reassured by generally improving cloud security. "Security professionals realize that the major cloud service providers offer very comprehensive security," continued MacLeod, "and ultimately their willingness to invest in technology to protect their clients probably offers a more secure environment than off-shoring companies, particularly in India who seem to think that everything can be solved with cheap labor.”

Be that as it may, it remains that almost a third of security professionals distrust the cloud primarily because of government snooping, and who are not reassured by NSA explanations. The implication here is that many companies simply do not believe that the NSA does not engage in commercial espionage, and that they are therefore concerned over the privacy of their commercial secrets.

"Industrial espionage is important to major economies," MacLeod suggested to Infosecurity, "and especially countries like China because it is viewed as a method of levelling the playing field by adopting a strategy that neutralizes the enemy without direct confrontation. In fact," he continued, "if the NSA is not involved in industrial espionage, they’re either extremely naïve or being economical with the truth."

MacLeod suggests that government industrial espionage is a matter of course. "How did the US government become aware of bankers and businesses that were involved in breaking embargoes with Iraq unless somebody was watching?" This constant watch can then become a concern for future business. Consider the possible ramifications over the current troubles in Crimea. Different countries have different laws and attitudes. What are the ramifications, he asks, "for a business that legitimately supplies products to Russia from their own country, and their future ability to continue to do business in the US?"

But he stressed that this concern should be applied to all and any government snooping, and not just the NSA. "It's not simply the NSA," he warned, "and undue focus on NSA snooping simply makes the industrial espionage of other governments easier."

As if to prove his point, Le Monde reported last week that the French intelligence agency has complete and unfettered access to all of telecommunications giant Orange's customer metadata. The DGSE and agents with military clearance have been working with Orange, formerly known as France Telecom, "for at least 30 years", said Le Monde. "According to GCHQ [via a document from the Snowden files], the DGSE and the French incumbent work together to improve the national interception networks communication skills and work together to break the encryption of data flowing through the network. France Telecom is a major player in the surveillance system in France."

This article is featured in:
Cloud Computing

 

Comments

sureshkrishnan says:

28 March 2014
Interesting details emerging from the report. Most organizations move to cloud technology as it is cost effective and offers numerous other benefits such as ubiquitous access, however organizations should also be wary of the security risks of moving to the cloud. Organization can ensure security and privacy of data by using encryption and other security tools, other methods such as regulating access and effectively managing vendors/outsourcing partners with controls such as SOC can employed to protect assets on the cloud. I work for McGladrey and there’s a whitepaper on the website that aligns well with this article that was created on this subject, readers will be interested in it. @ “Managing cloud risks with service organization controls”  http://bit.ly/1a2LQnE

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×