63% of Orgs Use Cloud, IoT Without Proper Security
A full 63% of enterprises are using cloud, big data, internet of things (IoT) and container environments without securing sensitive data.
According to the 2017 Thales Data Threat Report, 93% of respondents will use sensitive data in an advanced technology (defined as cloud, software as a service or SaaS, big data, IoT and container) environments this year—and a majority of those respondents (63%) believe their organizations are deploying these technologies ahead of having appropriate data security solutions in place.
Interestingly though, while concerns about data security in cloud environments remain high, they’ve dropped off since last year. In 2016, 70% of respondents voiced worries about security breaches from attacks targeting cloud service providers (CSPs); in 2017, 59% expressed fears about this. That makes it still the No 1 concern, but by a far smaller margin than just a year ago.
The second biggest concern, cited by 57% of respondents, is "shared infrastructure vulnerabilities", followed by "lack of control over the location of data" (55%). On the SaaS side, 57% of respondents report they are leveraging sensitive data in SaaS environments – up from 53% in 2016. When it comes to SaaS insecurities, respondents are most fearful about online storage (60%), online backup (56%), and online accounting (54%).
“Most major cloud providers have larger staffs of highly trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDoS attacks that can plague on-premises workloads,” said Garrett Bekker, principal analyst for information security at 451 Research. “Perhaps as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning.”
Big data is a big topic of conversation—so it might be unsurprising to learn 47% of respondents are using sensitive data in big data environments. When it comes to security hered, respondents cite their top fear as "sensitive data everywhere" (46%), followed by "security of reports" (44%) and "privileged user access" (36%).
IoT adoption is even higher, with 85% of respondents taking advantage of IoT technology and 31% using sensitive data within IoT environments. Despite IoT’s popularity, and despite the personal or critical nature of many IoT tools (medical and fitness devices; video cameras and security systems; power meters), only 32% of respondents report being ‘very concerned’ about their data. When pressed about their top fears, 36% of respondents cited "protecting the sensitive data IoT generates", followed by "identifying sensitive data" (30%) and "privacy concerns" (25%).
Meanwhile, although less than five years old, container environments have proven exceptionally popular. Eighty-seven percent of respondents have plans to use containers this year, with 40% already in production deployment. But similar to the emerging IoT environment (and owing to their relative immaturity), there remains a lack of enterprise-grade security controls in most container environments. Security is cited as the number one barrier to container adoption by 47%, followed by ‘unauthorized container access’ (43%), "malware spread between containers" (39%), and "privacy violations resulting from shared resources" (36%).
The report also found that while advanced technologies show great promise and business benefits, they are relatively young and in some cases, untested. Understanding this risk, respondents are gravitating towards a proven security control—encryption. According to the report, 60% of respondents would increase their cloud deployments if CSPs offered data encryption in the cloud with enterprise key control. Data encryption (56%) and digital birth certificates with encryption technology (55%) are also listed as the two most popular security options for IoT deployments. Rounding out the list is containers, with 54% of respondents citing encryption as the number one security control necessary for increasing container adoption.
Organizations interested in both taking advantage of advanced technologies and keeping data secure should strongly consider: Deploying security tool sets that offer services-based deployments, platforms and automation; discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; leveraging encryption and bring your own key (BYOK) technologies for all advanced technologies, the report recommended.
“The digital world we live in, which encompasses everything from cloud to big data and the IoT, demands an evolution of IT security measures,” said Peter Galvin, VP of strategy, Thales e-Security. “The traditional methods aren’t robust enough to combat today’s complicated threat landscape. Fortunately, adopters of advanced technologies are getting the message—as evidenced by the number of respondents expressing an interest in or embracing encryption. Putting an ‘encrypt everything’ strategy into practice will go a very long way towards protecting these powerful, yet vulnerable, environments.”
Source: Information Security Magazine