Security pros split on whether cloud vendors should co-operate with government

A new survey has revealed that information security professionals are split over whether cloud suppliers should co-operate with governments by providing access to encrypted data.

The Mitigating Cloud Risks survey, conducted by data protection company Bitglass along with the Cloud Security Alliance, found that more than one in three IT pros believe cloud providers should turn over encrypted data to government when asked.

Government intervention aside, many organisations have experienced cloud security incidents, though these aren’t the widespread breaches many anticipated – the majority of incidents stem from inappropriate use of the cloud, led by unwanted external sharing and access from unmanaged devices.

Key findings from the survey include:

  • 35% believe cloud app vendors should be forced to provide government access to encrypted data while 55% are opposed. 64% of US-based infosec professionals are opposed to government cooperation, compared to only 42% of EMEA respondents.
  • Most organisations have experienced some cloud security incident, with 59% related to unwanted external sharing and 47% involving access from unauthorised devices.
  • Cloud visibility is lacking – less than half (49%) of organisations know even the basics, such as where and when sensitive data is being downloaded from the cloud.
  • Cloud Access Security Brokers (CASBs) are on the rise; 60% of organisations have deployed or plan to deploy a CASB, with data leakage prevention cited as the most important capability.
  • Few have taken action to mitigate shadow IT threats, with 62% relying on written policies rather than technical controls.

“While hotly contested issues like government intervention remain open, major public cloud vendors have demonstrated that the cloud can be more secure than premises-based applications,” said Nat Kausik, CEO of Bitglass.

“The primary open concern is whether enterprises can put policies and controls in place to use the cloud securely.”

“The decision as to whether or not an organisation wants their cloud provider to turn over encrypted data to government when asked is one that all organisations should ask themselves as they make the move to the cloud,” added John Yeoh, senior research analyst of CSA.

The full report can be viewed here.

Related reading