The large number of recent surveillance and security exploit disclosures, such as Heartbleed, recent major data breaches and Snowden revelations,has prompted EU regulatory discussions around balkanizing the cloud and even suspending the established practice of safe harbour. But despite this, visibility and control over what cloud applications employees are using and where they are putting sensitive data is still very low and a cause for concern in many businesses.
This, at least, is the opinion formed by cloud information protection, CipherCloud, following a cloud 'health check' survey the company conducted at the recent Infosecurity Europe conference and exhibition in London.
The survey gauged respondents’ attitudes towards the effect of industry developments, such as surveillance and breaches, as well as the protection technologies in use at their organisations. Most notably, responses highlighted undaunted enthusiasm to continue cloud projects, despite the risks and the web of privacy regulations across regions and industries.
This may be explained by the strong confidence that the majority of respondents placed in the ability of cloud data security and visibility solutions to protect enterprise data from unauthorised access.
The main points to emerge from the survey show that, when it comes to cloud adoption, only 11 percent of respondents indicated that Heartbleed, breaches and Snowden have significantly altered their cloud adoption plans, while 56 percent said that these issues had made little impact on their plans. Only 15 percent expressed a high level of confidence in their organisations’ level of visibility into all cloud applications in use by their employees.
When it comes to data control, 43 percent noted no enterprise control or visibility into whether employees were putting sensitive data into the cloud, while 28 percent expressed strong confidence in their data control capabilities. Well over half, 64 percent, said that protecting their cloud data was very important. There is still a number of users that only consider data protection as an afterthought, though the survey shows this to be down to around 7 percent of respondents, which indicates a trend in the right direction.
There are also signs that the oft-repeated mantra - if data moves in the cloud, encrypt it – is also getting through, with 55 percent of the respondents indicating that they see high value in encrypting their cloud data to protect it from potential breaches and or third party surveillance.
“Security and privacy risks have followed sensitive data into the cloud, making cloud information protection a new imperative for enterprises,” said Bob West, Chief Trust Officer at CipherCloud. “It is no longer practical to leave sensitive data not protected. The smart recourse is proactive defence with strong encryption as the fail-safe to protect data in the worst case scenario of a breach.”
Yet it seems possible to read these results and see a trend which suggests that the messages about implementing and maintaining good cloud security practices are getting through. It seems that more businesses are not only aware of security issues but also the need to actively defend against them.
It will be interesting, over the coming few years, to see whether that strong confidence in cloud security expressed by the respondents is well-founded, or a dreadful mistake.