Cloud

10/26/2017
04:50 PM

Security Forecast: Cloudy with Low Data Visibility

Businesses are moving more sensitive data to the cloud but struggle to monitor and manage it once it's there.

A need for greater flexibility, speed, and convenience is driving more businesses to the cloud. Less than 25% had their applications, data, and infrastructure in the cloud two years ago but 44% have them cloud-based today, and 65% will be cloud-based two years from now.

The data comes from a study by Google Cloud and the MIT SMR Custom Studio. Researchers polled more than 500 IT decision-makers and found security is also a key driver of cloud adoption: 44% of respondents moved to the cloud because of their increased confidence in security. Overall, 74% of participants are more confident in cloud security.

In Dark Reading's upcoming 2017 Cloud Security Survey, 62% of IT leaders report moderate to heavy usage of cloud services and applications. Thirty-six believe the cloud is, or eventually will be, more secure than their on-premises IT environments. Twenty percent say they are moving more data to the cloud, partly because of its strong security capabilities.

A Change in Perspective
"It used to be that security was one of the things holding organizations back from the cloud," says Rob Sadowski, trust and security marketing lead for Google Cloud. "What we're starting to see, and what we saw in the research, is the script is almost flipping."

While Sadowski admits the confidence is partly due to improved documentation, he says two-thirds of respondents attribute their confidence to direct experience in the cloud. The top two most consistent reasons for moving to the cloud are "increased flexibility in business processes and vendor choices" and the "ability to integrate with new tools and platforms."

For many, the transition is gradual. Many businesses start out by doing some of their test and development work in the cloud, says Sadowski. They learn how to build new applications in the cloud. Once they achieve a certain level of comfort, they think about other workloads.

"It could be bulk storage, file sync-and-share or collaboration, or sharing data and collaborating," he says. "As you work with more organizations that are distributed around the country and around the globe, having that data in the cloud enhances their productivity."

Over the past 5 to 10 years, the amount of data organizations generate "is exploding," Sadowski continues. After they feel comfortable with testing and development in the cloud, businesses move more important data to understand its growth, apply analytics, and gain insight.

But what happens to all of that data once it's moved to the cloud? Many aren't so sure, and poor visibility could be putting their data at risk.

Data Visibility Remains a Challenge
The confidence boost doesn't mean the cloud is completely secure, or that all companies are fully on board. In Google's study, 63% of respondents who chose not to move data to the cloud cited security concerns. A survey by Threat Stack and Enterprise Strategy Group found 31% of respondents are unable to maintain security as cloud and container environments grow, and 62% are seeking greater visibility into public cloud workloads.

"It is a concern for organizations," says Sadowski of visibility, which is a challenge as personally identifiable information and healthcare records move to the cloud. Businesses may be responsible for disclosing the movement of data to the cloud because sensitive data types are often regulated.

Participants in a new SANS survey say they lack visibility, auditability, and controls to actually monitor everything in their public clouds. More than half (55%) say they are hindered from doing adequate forensic and incident response activities because they can't access logs, or underlying system and application details, in cloud environments.

One-third of Dark Reading's cloud survey respondents say visibility is a "mixed bag" and they have good visibility in some areas but none in others. One-quarter say they have good visibility overall with a few blind spots; 11% say "most of our data is invisible to us."

Sadowski advises looking into auditability tools to have greater visibility into who is accessing data and what they are doing with it. This would let you set audit and edit permissions to ensure activity aligns with corporate policies, as well as query the data and make sense of it.

He also emphasizes the importance of encryption to directly protect data. "Encryption is highlighted by many as something they care about, but it's a difficult solution to implement in a lot of cases," Sadowski notes.

Nearly 80 of Google's respondents said it was somewhat or very important to manage the strength of their encryption, or manage the encryption process itself. However, whether the company or cloud provider controls the encryption keys is "a really big bone of contention," says Michael Fuller, associate principal at consultancy The Hackett Group, in the report.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
