60% of U.S. IT Decision Makers Surveyed Report Keeping Sensitive Data in the Cloud – 46% See This as a Top Risk
2015 Thales eSecurity Insider Report – Cloud and Big Data Edition
Big data risks to sensitive information (31%) now exceed internal file servers (29%)
SAN JOSE, Calif. – March 24, 2015 – Thales eSecurity, a leader in enterprise data security for physical, big data, public, private and hybrid cloud environments, today announced the results of its cloud and big data focused edition of the 2015 Thales eSecurity Insider Threat Report (ITR). The survey was conducted online on their behalf by Harris Poll in fall 2014 among 818 IT decision makers (ITDMs) in various countries, including 408 in the United States, and analysis was performed in conjunction with analyst firm Ovum. This report extends earlier findings in the global report and recent retail and financial research briefs with details about the impact of potential compromise of cloud platforms and big data environments, as well as the IT security practices that could most improve enterprise adoption.
“The cloud and big data survey results demonstrate that there is both hope and fear when it comes to cloud and big data technologies,” said Andrew Kellett, lead analyst for Ovum and author of the 2015 Thales eSecurity Insider Threat Report – Global Edition. “This fear can lead to slow implementation of these platforms, which stymies innovation and growth. But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control.”
With the vast majority of enterprises (80 percent) now making use of cloud environments (Source Ovum ICT Enterprise Insights – Major Markets Technology Priorities, October 2013 – a global study with 6,700 respondents), 54 percent of respondents globally reported keeping sensitive information within the cloud. With databases and file servers typically rated as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 percent) seen by ITDMs as slightly more at risk than file servers (29 percent).
Focus on the Cloud
Although these numbers indicate that the benefits from cloud platforms are driving adoption, most IT decision makers have concerns about relinquishing security and control when they deploy cloud technology. 46 percent express concerns that market pressures are forcing them to use cloud services. Cloud environments (46 percent) outpace databases (37 percent) and file servers (29 percent) as the location perceived as being the greatest risk by enterprise organizations. Additionally the risks associated with big data initiatives (31 percent) are now seen as greater than that of file server environments.
“The safety and security of cloud environments is a key concern for enterprises across the globe,” said John Engates, CTO of Rackspace. “The results of this report highlight the need for addressing the risk of data breaches and compliance in the enterprise. The Rackspace managed cloud can provide enterprise customers with security best practices to help them implement appropriate security measures to protect their data.”
When U.S. respondents were asked about the top data security concerns for cloud services:
- 82 percent note lack of control over the location of data
- 79 percent cite increased vulnerabilities from shared infrastructure
- 78 percent call out privileged user abuse at the cloud provider
In addition, for cloud service providers who want to grow their enterprise business, the global respondents cited the top four changes that would increase their willingness to use cloud services:
- 55 percent asked for encryption of data with enterprise key control on their premises
- 52 percent selected encryption of their organization’s data within the service provider’s infrastructure
- 52 percent also want service level commitments and liability terms for a data breach
- 48 percent desire explicit security descriptions and compliance commitment
“The data shows that U.S. IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, CEO of Thales eSecurity. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among U.S. respondents. For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers.”
Focus on Big Data
Big data projects regularly rely on the cloud-based service delivery model to support high processing and data usage overheads, causing double jeopardy issues. Many security concerns with cloud deployments also apply to big data initiatives. Also, a meaningful proportion of the data involved is likely to be of a sensitive or even classified nature. Yet, big data projects are typically run off-premise using the cheapest and fastest options available. ASEAN respondents reported higher sensitive data use within big data environments than any other region (45 percent), while Japan is the most conservative (12 percent).
“59% of US survey respondents identified privileged users as the biggest threat to their organizations. Failure to adequately handle security requirements, especially around mission critical applications, places an enterprise at significant risk, exposing sensitive data to possible data breaches,” said Ravi Mayuram, SVP Couchbase Engineering. “With big data security at the top of every CIO agenda, every NoSQL deployment should protect sensitive data access for interactive, operational applications.”
The top three concerns in big data initiatives are sensitive information residing anywhere in the environment (41 percent), security of reports that include sensitive data (37 percent) and lack of security frameworks and controls within the environment (34 percent). It should be noted that privileged user access to protected data in the implementation ranked a close fourth at 32 percent.
As cloud and big data adoption further accelerates, these technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise. These risks are readily apparent to enterprise IT teams; in the survey, respondents cited security fears over employees, privileged users, survey providers and hackers.
The survey results and research report are available from Thales eSecurity and can be found here.
Thales eSecurity’s 2015 Insider Threat Report was conducted online by Harris Poll on behalf of Thales eSecurity from September 22-October 16, 2014, among 818 adults ages 18 and older, who work full-time as an IT professional in a company and have at least a major influence in decision making for IT. In the U.S., 408 ITDMs were surveyed among companies with at least $200 million in revenue with 102 from the health care industries, 102 from financial industries, 102 from retail industries and 102 from other industries. Roughly 100 ITDMs were interviewed in the UK (103), Germany (102), Japan (102), and ASEAN (103) from companies that have at least $100 million in revenue. ASEAN countries were defined as Singapore, Malaysia, Indonesia, Thailand, and the Philippines. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated.
About Thales eSecurity
Thales eSecurity (@Thalesesecurity) is the industry leader in data security solutions that protect data-at-rest across physical, big data and cloud environments. Thales eSecurity helps over 1500 customers, including 17 of the Fortune 30, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Thales eSecurity Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading solution set.