A study conducted by SafeNet Research and the Ponemon Institute demonstrates the struggle ICT (information and communications technology) personnel experience with security in cloud environments:
- Computing professionals are having a hard time with cloud data oversight, with two out of five distributed virtual systems managed by third parties.
- Enterprises don’t have one unified “single point of accountability” for protection of their multi-cloud environments.
- Safeguards that have worked in traditional infrastructures are challenging to deploy in cloud settings, so firms are using multi-factor authentication and various encryption tactics.
Most IT executives do not have comprehensive details on the information security of cloud architectures, a blind spot that has created an area of vulnerability for sensitive data. A study funded by the data protection firm SafeNet and conducted by the Ponemon Institute arrived at that disturbing conclusion after polling almost 2000 IT decision-makers around the globe.
The study determined that firms are getting more of their operational power from “as a service” cloud plans than ever before, and IT personnel are not able to control the applicable data as well as they would like. Less than two out of every five companies (38%) have policies in place that establish titles and responsibilities to protect critical data that is processed in distributed virtual environments. Making matters more complicated, almost half of cloud business information (44%) falls under the administration of an outside party. Furthermore, seven out of ten IT staffers (71%) believe that traditional mechanisms fail when safeguarding these high-efficiency environments.
Dr. Larry Ponemon, principal of the Ponemon Institute, suggests three basic strategies to rectify the situation:
- Utilize the IT staff to create company-wide protections
- Bolster the transparency of any “as a service” technology
- Harden your environment with improved access mechanisms – including multi-factor authentication – and across-the-board encryption.
Growth of Cloud Means Potential Security Loopholes
Almost three out of every four respondents (71%) say that distributed virtual environments are critical to computing in 2014. Even more (78%) agree that distributed virtual systems will be fundamental to IT success by 2016. Fully one-third of companies’ resources (33%) are supplied through the cloud, and that figure is projected to accelerate to 41% by 2016.
Although the cloud is clearly becoming increasingly popular, seven out of ten IT professionals (70%) believe that controlling for privacy and regulatory demands is more complicated with these infrastructures. Alarmingly, the kind of information that tends to be maintained in the virtual settings, which can include mail and transactional data, is especially sensitive in the event of a breach.
Shadow IT & Security Responsibilities
Throughout the business world, 50% of clouds are adopted by non-IT personnel, with almost half of the virtual information (44%) uncontrolled by tech professionals. Because that’s the case, just one in five IT staffers (19%) believe they are aware of every “as a service” tool or environment currently being used within their firms.
Beyond the missing oversight related to distributed virtual technologies, there seems to be confusion among computing professionals related to protection responsibilities. A third each believe the user is accountable for security (33%), the vendor is accountable (32%), and that accountability is shared between the two (35%).
Multi-Factor Authentication & Encryption Replace Traditional Mechanisms
Almost 3 out of four people surveyed (71%) believe that traditional protections are not well-suited to these new environments. One in two (48%) report that it is challenging to manage cloud authentication. For these reasons, one-third of companies (34%) have created documentation that instructs employees to utilize encryption tools if they want to access “as a service” resources. Almost three out of four staffers (71%) believe encryption and/or tokenization to be essential, while four out of five (79%) think those measures will be crucial by 2016.
Of the protections currently in place to protect the information in distributed virtual infrastructures, VPNs (virtual private networks, which provide encrypted connections) are used by 43% of firms. Almost two out of every five professionals (39%) report that there companies enhance security with cryptographic software, tokenization, or other encryption tactics. One-third of respondents are unsure about the nature of the safeguards that are in place. Slightly fewer organizations (29%) subscribe to paid protection packages offered through “as a service” vendors.
Best Practices for Cloud Security
The Ponemon Institute report advises that companies should train their staff on proper precautionary guidelines, establish full-spectrum parameters for governance of cloud information, define rules for deployment of “as a service” plans, and categorize data so that only certain types are designated for distributed virtual settings.
Ponemon also recommends the use of cloud-based tools to “manage the protection data in the cloud in a centralized fashion.” In other words, 29% of companies that are using paid protection packages from their cloud vendors are acting in their own best interests.
Superb Internet offers premium managed services to protect your security in the cloud. We pride ourselves on being easy to work with. As our customer Chris Hatchie commented, “You guys are great! This is why I keep my business with your company!”
By Kent Roberts