Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/28/2012
02:21 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Companies Still Struggling With Cloud Security: Reported Higher Incidence Of Data Security Lapse Or Issue From 2011

Trend Micro's annual global cloud security survey found that with greater cloud adoption comes more security issues for companies all over the world.

CUPERTINO, Calif., Aug. 28, 2012 /PRNewswire/ -- Globally, the cloud continues to pose challenges on how to deliver agile, yet secure, IT services to enterprises. The percentage of companies that reported a data security lapse or issue with their cloud service increased from 43 percent in 2011 to 46 percent in 2012, according to a recent global cloud security survey conducted by Trend Micro (TYO: 4704;TSE: 4704), the global leader in cloud security. The executive summary of the survey can be found here.

Trend Micro's annual survey of 1400 IT decision makers from the U.S., UK, Germany, India, Canada, Japan and Brazil found that India had the highest incidence (67 percent) of data security lapse or issue, followed by Brazil (55 percent). India also had the highest - 12 percent -- increase of security lapse or issue in 2011, followed by Japan (a 7 percent increase) and Canada (a 6 percent increase). According to the survey, Japan is less likely to adopt cloud computing than any of the other countries surveyed. Japan also has the lowest usage level for VDI, public cloud and private cloud.

From 2011 to 2012, the overall global cloud adoption increased from 55 percent to 59 percent. This increase may account for the security issues that companies reported in the survey, especially in countries such as India and Canada where cloud adoption rates increased the most. India's adoption rate grew from 38 percent in 2011 to 49 percent in 2012; Canada's adoption rate grew from 42 percent in 2011 to 51 percent in 2012.

Other survey highlights include:

-- Over half (53 percent) of the decision makers surveyed stated that data security is a key reason for holding back their adoption of cloud solutions. This finding is in line with the 40 percent of respondents who stated that their IT security requirements are not being met by current cloud services. -- 53 percent surveyed expressed more willingness to consider using the cloud if cloud providers took a more hands on approach to securing data or if they knew more about how to secure their data in the cloud. -- Despite trepidation in utilizing cloud services, the number of enterprises that have deployed public and private cloud solutions have increased to 20 percent, up from the 13 percent that had solutions deployed in 2011. -- Those respondents who have active public cloud deployments will assign 53 percent of new applications to the cloud within the next year, up from the 46 percent of applications that are currently deployed in the cloud. This signals a consistent rise in demand for cloud services amongst enterprises that have already embraced the cloud. -- There is still confusion about what cloud computing services exactly are. When presented with a list of cloud services, 94 percent of the respondents said they are currently using at least one of them. However, 9 percent of these respondents indicated, that their company has no plans to deploy cloud computing services. This is consistent with 2011 when 7 percent had the same response. -- For those who have public cloud in production, the vast majority indicated that they encrypt their data stored in the cloud (89 percent). This is a 4 percent increase from 2011. 87 percent said they keep a 1:1 copy of all data that is synched to the cloud. "Cloud computing is a reality for all enterprises operating today. However, in the race to put data in the cloud to save on overall costs, companies need to be aware of the hidden cost in terms of data security," said Dave Asprey, vice president of cloud security, Trend Micro. "Cloud providers are not doing enough to secure current cloud services, and enterprises need to broaden their security policies to protect applications and data stored in the cloud as strongly as they protect these within the company's internal infrastructure."

Responsibility for cloud security is shared between the service provider and enterprise

The more cloud infrastructure is controlled by the enterprise, the more the responsibility falls to the organization to provide security. For example, with an Infrastructure as a Service (IaaS) cloud the service provider is responsible for securing the underlying hardware, but businesses are expected to secure their virtual infrastructure and their applications and data built on top of it. This can be achieved with VM security that extends to cloud environments with integrated file and network level protection. But as cloud service providers offer more of the underlying platforms and applications, such as a Platform as a Service (PaaS) or Software as a Service (SaaS), they take on more of the responsibility for security.

Not only is security an inhibitor to cloud deployments, but performance or availability is also a top cloud concern, with 50 percent indicating that this is a barrier to cloud adoption. When evaluating security solutions, enterprises and cloud service providers need security that doesn't sacrifice overall performance of the cloud service.

Trend Micro has invested heavily in a family of multi-layered protection for cloud and virtual environments - all designed to secure the enterprise journey to the cloud--either as solutions offered directly to enterprises or sold through service providers as an add-on to their services.

Trend Micro(TM) Deep Security is designed to prevent data theft, business disruptions, and compliance violations with comprehensive server security that provides VM protection for today's virtualized datacenter and cloud environments. In addition, Trend Micro(TM) SecureCloud(TM) encryption platform applies policy-based key-management technology with industry-standard encryption to give enterprises control over their data stored in public, private or hybrid clouds as well as physical and virtual servers.

Supporting materials

-- Please visit the executive summary of the survey results here. -- Please visit the infographic here. -- To join the discussion on cloud computing issues, and to read our cloud evangelist's latest blog piece on the survey, visit the Trend Micro Cloud Security Blog. -- To learn more about how Trend Micro can help you secure your journey to the cloud, visit www.trendmicro.com/cloud. Survey methodology 1,400 IT professionals from the U.S., the U.K., Germany, Canada, India, Japan and Brazil (200 respondents from each of the seven countries) were invited to participate in a survey on cloud computing. These professionals, from enterprises with over 500 employees, make purchase decisions for cloud computing services, server virtualization or Virtual Desktop Infrastructure (VDI) solutions.

About Trend Micro Trend Micro Incorporated (TYO: 4704;TSE: 4704), the global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years' experience, we deliver top-ranked client, server and cloud-based security that fits our customers' and partners' needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro(TM) Smart Protection Network(TM) cloud computing security infrastructure, our products and services stop threats where they emerge - from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.