Security concerns aren't going anywhere, new report finds
When it comes to adopting new technologies and implementing business transformations, security is often not in place although it's a crucial concern, according to a new Data Threat Report by Vormetric.
The report finds that 85% of enterprises keep sensitive data in the cloud, 50% in big data, and 33% in IoT, and many (70%) are very or extremely concerned about it the security of their data as a result.
On top of this, storage of critical information within cloud and big data environments continues to increase, adding to these concerns. In fact, 85% of respondents are using sensitive data in the cloud, up from 54% last year, and 50% are using sensitive data within big data implementations, up from 31% previously.
Garrett Bekker, senior analyst information security at 451 Research and the author of the report, says, "Security is still an afterthought when it comes to adopting new technologies, often taking a back seat amidst the rush to stake a claim in a promising new market.”
In terms of the cloud, even as enterprises move forward with adopting services, and in some cases believe that cloud environments are more secure than their local IT infrastructure, on the whole they remain concerned about the security of their information, the report finds.
When respondents were asked about the top data security concerns for cloud services:
- 70% note security breaches / attacks at the service provider
- 66% cite increased vulnerabilities from shared infrastructure
- 66% call out lack of control over the location of data
In addition, espondents cited four top changes that would increase their willingness to use cloud services:
- 48% ask for encryption of data with enterprise key control on their premises
- 36% desire detailed physical and IT security implementation information
- 35% select encryption of their organisation's data within the service provider's infrastructure
- 27% also want exposure of security monitoring data for their information.
According to Vormetric, the most notable change from last year's results were whether encryption keys should be managed or stored. In the 2015 report, management of keys by service providers, or locally by the enterprise were very close to equally rated. This year enterprises seem to have realised that control and management of encryption keys is the critical link in securing their data in the cloud, the company says. In fact, only 35% cite management of encryption keys by the cloud provider as a way to increase their usage of cloud, down from 53% last year, according to the report.
With 50% of all respondents planning to store sensitive information within big data environments (up from 31% last year), big data environments have become a much greater concern for enterprises as a possible point of compromise, and is a key focus for compliance efforts, the report shows.
As these environments hold a growing share of an enterprise's sensitive information, the challenges for organisations that need to secure their data grows. Essentially, the entire environment requires protection, as data migrates to wherever it is needed for analysis within big data implementations, Vormetric says.
Results show organisations see many potential points of concern. The top five concerns were:
- Security of the reports produced, as they may include sensitive data (42%)
- Sensitive information may reside anywhere within the environment (41%)
- Privacy violations from data originating in multiple countries (40%)
- Privileged user access to protected data in the implementation (37%)
- Lack of security frameworks and controls within the environment (33%)
In addition, big data projects frequently rely on cloud-based service delivery, causing double jeopardy issues, Vormetric says. For many organisations the threats found in cloud environments are then added to their concerns with big data, the report finds.
Bekker says, "IoT promises to present a security hurdle of epic proportions. Given the vast amounts of data that could theoretically be generated by IoT devices and platforms, much of it sensitive in nature, enterprises would be well served to develop corporate policies that clearly delineate what will be collected, who will have access, how the data is used, and how long it will be retained.".
Though only 33% of organisations expect to have sensitive data within IoT implementations, they have strong concerns about the safety of that information:
- Protecting sensitive data generated by IoT (35%)
- Privacy violations (30%)
- Identifying which data is sensitive (29%)
- Privileged user access to IoT data and devices (28%)
- Attacks on IoT devices may impact critical operations (27%)
Fuelling these concerns is also the intersection of IoT with big data, which has the potential to create a new class of risks. This class of risks centres on the potential for privacy violations when large, seemingly innocuous IoT data sets are combined, or are analysed in conjunction with other information, according to Vormetric.
"As cloud, big data and IoT adoption accelerates, these technologies continue to bring new sets of unique risks to organisations," says Tina Stewart, Vormetric VP of marketing.
"These risks are driven by the nature of these emerging technology solutions, and the breakneck speed at which new offerings are being developed.
"With the recent emergence of offerings that have increased data security options built in, or available through partners, service providers and offerings are gradually making available the security controls that enterprises need to meet regulatory and compliance obligations as well as other data security requirements. But there is still much work to be done," she says.