A new survey has revealed that information security professionals are split over whether cloud suppliers should co-operate with governments by providing access to encrypted data.
The Mitigating Cloud Risks survey, conducted by data protection company Bitglass along with the Cloud Security Alliance, found that more than one in three IT pros believe cloud providers should turn over encrypted data to government when asked.
Government intervention aside, many organisations have experienced cloud security incidents, though these aren’t the widespread breaches many anticipated – the majority of incidents stem from inappropriate use of the cloud, led by unwanted external sharing and access from unmanaged devices.
Key findings from the survey include:
- 35% believe cloud app vendors should be forced to provide government access to encrypted data while 55% are opposed. 64% of US-based infosec professionals are opposed to government cooperation, compared to only 42% of EMEA respondents.
- Most organisations have experienced some cloud security incident, with 59% related to unwanted external sharing and 47% involving access from unauthorised devices.
- Cloud visibility is lacking – less than half (49%) of organisations know even the basics, such as where and when sensitive data is being downloaded from the cloud.
- Cloud Access Security Brokers (CASBs) are on the rise; 60% of organisations have deployed or plan to deploy a CASB, with data leakage prevention cited as the most important capability.
- Few have taken action to mitigate shadow IT threats, with 62% relying on written policies rather than technical controls.
“While hotly contested issues like government intervention remain open, major public cloud vendors have demonstrated that the cloud can be more secure than premises-based applications,” said Nat Kausik, CEO of Bitglass.
“The primary open concern is whether enterprises can put policies and controls in place to use the cloud securely.”
“The decision as to whether or not an organisation wants their cloud provider to turn over encrypted data to government when asked is one that all organisations should ask themselves as they make the move to the cloud,” added John Yeoh, senior research analyst of CSA.
The full report can be viewed here.
Q&A: Enfield Council’s Geoff Waterton explains his journey when collecting arrears using an innovative solution
Geoff Waterton, Head of Collection at Enfield Council, recently participated in an Agilisys webinar to share his experience of adopting an innovative income generation and debt collection solution.
Officers from Surrey and Sussex Police Forces are now using specialist mobile technology to improve frontline policing and reporting
Deal to combine city’s brainpower and business might to speed up ‘smart’ solutions to congestion, air quality and other city challenges
The Government will require all of its contractors that handle sensitive data to hold a Cyber Essentials certificate