Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

C-suite gets an F in cloud security: Intel
CLOUD

C-suite gets an F in cloud security: Intel 

 

Intel Security recently released its Blue Skies Ahead? The State of Cloud Adoption report which contained results of a poll which asked some 1,200 cloud security decision makers across eight countries on issues around cloud adoption and attitudes.

A majority (77 per cent) of participants (75 per cent in Canada) said that their organizations trust cloud computing more than a year ago, just 13 per cent completely trust public cloud providers to secure sensitive data. These findings highlight that improved trust and security are critical to encouraging continued adoption of the cloud.

However, researchers also uncovered what Intel calls a “C-suite blind spot.”

Only one-third (34 per cent) of respondents feel senior management in their organization fully understand the security implications of the cloud.

In Canada, the numbers are even lower, only 28 per cent of those surveyed believe C-level execs and senior management understand security risks in the cloud.

Organizations around the world appear to be challenged when it comes to protecting software-as-a-service (infrastructures)

“…the picture isn’t great when it comes to how well organizations are ensuring cloud security today,” according to an article on CSOonline by Rolf Haas, enterprise technology specialist, for the network security and content division at Intel Security, said. “Some 40 per cent are failing to protect files located on SaaS with encryption or data loss prevention tools, 43 per cent do not use encryption or anti-malware in their private cloud servers, and 38 per cent use IaaS without encryption or anti-malware.”

He said 23 per cent of respondents reported cloud provider data losses or breaches and one in five had incidents of unauthorized access to their organization’s data or services in the cloud.

Othere survey highlights include: 

  • Cloud Investment Trends: A majority of organizations are planning on investing in infrastructure-as-a-service (IaaS) (81 per cent), closely followed by security-as-a-service (79 per cent), platform-as-a-service (PaaS) (69 per cent), and lastly software-as-a-service (SaaS) (60 per cent).
  • Security and Compliance: A majority of respondents (72 per cent) list compliance as the primary concern across all types of cloud deployments, and only 13 per cent of respondents noted knowing whether or not their organizations stored sensitive data in the cloud.
  • Security Risks and the Cloud: Perception and Reality: More than 1 in 5 respondents expressed their main concern around using SaaS is having a data security incident, and correspondingly, data breaches were a top concern for IaaS and private clouds. However, results found that less than a quarter (23 per cent) of enterprises are aware of data breaches with their cloud service providers.
  • The C-Suite Blind Spot: High-profile data breaches with major financial and reputational consequences have made data security a top-of-mind concern for C-level executives, however many respondents feel there is still a need for more education and increased awareness and understanding of risks associated with storing sensitive data in the cloud. Only one-third (34 per cent) of respondents feel senior management in their organization fully understand the security implications of the cloud.
  • Shadow IT, Risk and Opportunity: Despite IT departments’ activity to cull shadow IT activity, 52 per cent of the lines of business still expect IT to secure their unauthorized department-sourced cloud services. This lack of visibility into cloud usage due to shadow IT appears to be causing IT departments concern when it comes to security, with a majority (58 per cent) of respondents surveyed in Orchestrating Security in the Cloud noting that shadow IT has a negative impact on their ability to keep cloud services secure.
  • Security Investment: Cloud security investment varies in priorities across the different types of cloud deployment, with the top security technologies leveraged by respondents being email protection (43 per cent), Web protection (41 per cent), anti-malware (38 per cent), firewall (37 per cent), encryption and key management (34 per cent), and data loss prevention (31 per cent).

“This is a new era for cloud providers,” said Raj Samani, chief technology officer, Intel Security EMEA. “We are at the tipping point of investment and adoption, expanding rapidly as trust in cloud computing and cloud providers grows. As we enter a phase of wide-scale adoption of cloud computing to support critical applications and services, the question of trust within the cloud becomes imperative. This will become integral in realizing the benefits that cloud computing can truly offer.”

Key Canadian highlights were:

Additional key Canadian survey findings include:

  • 46 different cloud services are used on average (43 globally)
  • 17 per cent of respondents completely trusts public cloud providers to secure sensitive data (13 per cent globally).
  • In the next 14 months, 80 per cent of respondent IT budgets will be dedicated to cloud computing (16 months globally).
  • The most common solution to protect private cloud is intrusion protection (63 per cent), compared to firewalls (67 per cent globally).
  • Canada and U.S. are tied (66 per cent) as the most trusted regions for cloud security providers, followed by Western Europe (63 per cent) and Northern Europe (59 per cent).
  • 55 per cent of the lines of business still expects IT to secure their unauthorized department-sourced cloud services (52 per cent globally).
  • 51 per cent noted that shadow IT has a negative impact on their ability to keep cloud services secure (58 per cent globally).

“The reality check here is that the most commonly cited cloud security incidents were actually around migrating services or data, high costs, and lack of visibility into the provider’s operations,” according to Hass.

Related posts