The majority of IT security professionals don’t have full visibility into where all their organization’s sensitive data resides, new research has revealed—and they don’t necessarily trust others to secure it.
Perhaps in a begrudging acknowledgment of the massive data breaches victimizing the likes of Target, Sony and Anthem, combined with the reality of aggressive pushes by organizations to put more of their data in the hands of outside service providers like cloud systems, trust in cloud services is split.
About half (52%) of respondents say they trust their cloud service provider to take care of protecting and controlling their enterprise data. The other half (48%) do not.
“Relying on a CSP for data compliance and protection is not enough, but on the flip side, writing off cloud services because of security skepticism is unnecessarily limiting and harms the business,” said Gerry Grealish, CMO at Perspecsys, which conducted the survey at RSA. “Enterprises need to consider encrypting or tokenizing any sensitive data before it goes to the cloud, so they retain full control of their information while it is in-transit to the cloud, while it is stored at-rest in the cloud, and while it is in-use being processed in the cloud.
Further, 57% of IT security pros said that they struggle to see a complete picture of where their organization’s sensitive data is located, thanks to challenges with tracking where sensitive and regulated data is flowing, and the inability to control that flow in outsourced environments.”
“[Controlling data in environments] such as SaaS cloud applications, where it can move freely between data centers and cloud provider’s partner’s systems, is a key challenge for enterprises in regulated sectors,” Grealish said. “Cloud trust issues reported by the respondents make it clear organizations are not aggressively using cloud systems because of privacy and security concerns. This is limiting the true transformational benefits that the cloud could bring.”
IDC forecasts that public IT cloud services will account for more than half of global software, server, and storage spending growth by 2018. The Perspecsys survey findings align with this projection, with 67% of respondents preferring to store the majority of enterprise data in the cloud if data privacy and compliance regulations could be addressed. About half of respondents say existing or impending data privacy regulations impact up to 50% of their cloud strategy.
Interestingly, the current perception remains that private cloud is more secure than its public cloud cousins. The majority of respondents still house less than a quarter of their data in public cloud environments. About a third claim no public cloud use at any level (IaaS, PaaS or SaaS), as far as they know.
“Regulatory compliance and security concerns are the primary inhibitors to cloud adoption, according to our survey,” adds Grealish. “Interestingly, in the wake of the NSA and Snowden controversy sparking a serious privacy debate, about 55% of respondents, mostly from locations outside the United States, say their organization’s adoption of public cloud applications has been impacted by the ‘Snowden effect,’ while about 45% report no impact and the remaining percentage say they’re unsure.”