IT departments embrace hybrid environments, yet CIOs lack strategies for cloud security and privacy
Submitted by Bitdefender Channel on
As the cloud’s popularity grows, so does the risk to sensitive data. More than half of companies in a recent survey do not have a proactive approach for compliance with privacy and security regulations for data in cloud environments, yet cloud computing is considered a priority to their organizations’ operations.
Cloud computing applications and platform solutions are considered very important or important to their organizations’ operations, according to 73 percent of respondents in the survey. Moreover, eighty-one percent of respondents say cloud solutions will become very important or important over the next two years. The use of cloud computing resources for total IT and data processing requirements is expected to increase from an average of 36 percent to an average of 45 percent in the next two years.
While more customer information is moving to the cloud, it is also considered the information most at risk in the cloud. Payment information and consumer data come second and third. Since 2014, the storage of customer information has increased significantly from 53 percent of respondents to 62 percent of respondents.
Respondents report less difficulty protecting confidential or sensitive information when using cloud services. In the previous study, 60 percent of respondents said it is more difficult to protect confidential or sensitive information when using cloud services. This year, the percentage has decreased to 54 percent. However, organizations still face challenges in the protection of confidential information when using cloud services. The difficulty in controlling or restricting end-user access has increased from 48 percent of respondents in the previous study to 53 percent. Other reasons why cloud security is a challenge are the difficulty in applying conventional information security in the cloud computing environment (70 percent) and the inability to directly inspect cloud providers for security compliance (69 percent).
Furthermore, sixty-two percent of respondents say the use of cloud resources increases compliance risk, and only a third think it has no influence on compliance risk.
While cloud adoption has become a reality, the bad news is that most organizations still do not have security policies for the cloud. Sixty percent of respondents say their organizations do not have a policy that requires the use of security safeguards such as encryption as a condition to using certain cloud computing applications. Despite the finding that the majority of respondents say their organizations are committed to protecting confidential or sensitive information in the cloud, 54 percent of respondents do not agree their organizations have a proactive approach to managing compliance with privacy and data protection regulations in the cloud environment, and also disagree that their organization is careful about sharing sensitive information with third parties such as business partners, contractors and providers in cloud environments.
Geographically, sixty percent of German respondents say their organizations have a policy that requires the use of security safeguards such as encryption as a condition to using certain cloud computing applications. In contrast, only 33 percent of respondents in the US, 32 percent of respondents in India and 29 percent of respondents in Brazil say their organizations have such policies in place.
Only a third of sensitive data stored in cloud-based applications is encrypted, proving that protection of data in the cloud is important but not practiced. When asked what security solutions are used to protect data in the cloud, 39 percent of respondents say their organizations use encryption, tokenization or other cryptographic tools. Most respondents (42 percent) say they use private data network connectivity. Thirty-five percent of respondents say they don’t know what security solutions they use. A possible explanation is that business units and corporate IT are making investments in security without input from IT security, authors of the study say. Seventy-two percent of respondents say the ability to encrypt or tokenize sensitive or confidential data is important and 86 percent say it will become more important over the next two years, an increase from 79 percent of respondents.
The primary reasons for selecting a particular cloud provider are efficiency (41 percent of respondents) or cost (37 percent), followed by reputation and customer service. Security comes only fifth.
The cloud will most commonly be used in a hybrid manner by 2020, according to a Gartner report, cited by Business Insights, emphasizing that operating entirely off the cloud will largely disappear by the end of the decade.
Cloud adoption and the widespread usage of hybrid infrastructures will bring unknown security challenges that CIOs have to prevent by adopting breakthrough technologies able to fight zero-day exploits, Advanced Persistent Threats, and other devastating types of cybercrime.
"Information security teams and infrastructure must adapt to support emerging digital business requirements, and simultaneously deal with the increasingly advanced threat environment," said Neil MacDonald, vice president and Gartner Fellow Emeritus, cited by Business Insights. "Security and risk leaders need to fully engage with the latest technology trends if they are to define, achieve and maintain effective security and risk management programs that simultaneously enable digital business opportunities and manage risk."
Bitdefender has solved the technical challenges of creating a solution to the root problem, giving datacenter owners the ability to know what they don’t know, and act on information from below the operating system. It is the only security company that provides security at the ring -1 level and prevents your company from becoming the next victim.
Gartner states in its “Host-Based Controls for Server Workloads Ready for Hybrid IT” report published in April 2016:
“Platform, hypervisor and OS integrity checks are excellent controls for systems over which you have lost end-to-end control, such as in colocated systems. Additionally, this control can, to some extent, defend against certain high-impact malware. Furthermore, it is currently the only safeguard that can verify the integrity of a (formerly) trusted hypervisor. Thus, this control is most feasible for application architectures where the integrity of the hypervisor or of the hardware is of any concern (e.g., high-risk applications in colocated systems or, where supported, public clouds).”
Ponemon Institute surveyed 3,476 IT and IT security practitioners in the United States, United Kingdom, Australia, Germany, France, Japan, Russian Federation, India and Brazil.