60% of US IT Decision Makers Report Keeping Sensitive Data in Cloud

Vormetric, Inc., in enterprise data security for physical, big data, public, private and hybrid cloud environments, announced the results of its cloud and big data focused edition of the 2015 Vormetric Insider Threat Report (ITR).

The survey was conducted online on their behalf by Harris Poll in fall 2014 among 818 IT decision makers (ITDMs) in various countries, including 408 in the US, and analysis was performed in conjunction with analyst firm Ovum. This report extends earlier findings in the global report and recent retail and financial research briefs with details about the impact of potential compromise of cloud platforms and big data environments, as well as the IT security practices that could most improve enterprise adoption.

“The cloud and big data survey results demonstrate that there is both hope and fear when it comes to cloud and big data technologies,” said Andrew Kellett, lead analyst, Ovum and author of the 2015 Vormetric Insider Threat Report – Global Edition. “This fear can lead to slow implementation of these platforms, which stymies innovation and growth. But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control.“

With the vast majority of enterprises (80%) making use of cloud environments (Source Ovum ICT Enterprise Insights – Major Markets Technology Priorities, October 2013 – a global study with 6,700 respondents), 54% of respondents reported keeping sensitive information within the cloud. With databases and file servers typically rated as top risks for storage of sensitive information, they are also joined by big data environments – with big data (31%) seen by ITDMs as slightly more at risk than file servers (29%).

Focus on the Cloud
Although these numbers indicate that the benefits from cloud platforms are driving adoption, most IT decision makers have concerns about relinquishing security and control when they deploy cloud technology. 46% express concerns that market pressures are forcing them to use cloud services. Cloud environments (46%) outpace databases (37%) and file servers (29%) as the location perceived as being the greatest risk by enterprise organizations. Additionally the risks associated with big data initiatives (31%) are now seen as greater than that of file server environments.

“The safety and security of cloud environments is a key concern for enterprises across the globe,” said John Engates, CTO, Rackspace US, Inc. “The results of this report highlight the need for addressing the risk of data breaches and compliance in the enterprise. The Rackspace managed cloud can provide enterprise customers with security best practices to help them implement appropriate security measures to protect their data.“

When US respondents were asked about top data security concerns for cloud services:

• 82% note lack of control over the location of data
• 79% cite increased vulnerabilities from shared infrastructure
• 78% call out privileged user abuse at the cloud provider
  

For cloud service providers who want to grow their enterprise business, the global respondents cited the top four changes that would increase their willingness to use cloud services:

• 55% asked for encryption of data with enterprise key control on their premises
• 52% selected encryption of their organization’s data within the service provider’s infrastructure
• 52% also want service level commitments and liability terms for a data breach
• 48% desire explicit security descriptions and compliance commitment
  

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, CEO, Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents. For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers.“

Focus on big data
Big data projects regularly rely on the cloud-based service delivery model to support high processing and data usage overheads, causing double jeopardy issues. Many security concerns with cloud deployments also apply to big data initiatives. Also, a meaningful proportion of the data involved is likely to be of a sensitive or even classified nature. Yet, big data projects are typically run off-premise using the cheapest and fastest options available.

ASEAN respondents reported higher sensitive data use within big data environments than any other region (45%), while Japan is the most conservative (12%).

“59% of US survey respondents identified privileged users as the biggest threat to their organizations. Failure to adequately handle security requirements, especially around mission critical applications, places an enterprise at significant risk, exposing sensitive data to possible data breaches,” said Ravi Mayuram, SVP, Couchbase, Inc. “With big data security at the top of every CIO agenda, every NoSQL deployment should protect sensitive data access for interactive, operational applications.“

The top three concerns in big data initiatives are sensitive information residing anywhere in the environment (41%), security of reports that include sensitive data (37%) and lack of security frameworks and controls within the environment (34%). It should be noted that privileged user access to protected data in the implementation ranked a close fourth at 32%.

As cloud and big data adoption further accelerates, these technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise. These risks are readily apparent to enterprise IT teams; in the survey, respondents cited security fears over employees, privileged users, survey providers and hackers.

Complete survey (registration needed)

Source/Methodology
Vormetric’s 2015 Insider Threat Report was conducted online by Harris Poll on behalf of Vormetric from September 22-October 16, 2014, among 818 adults ages 18 and older, who work full-time as an IT professional in a company and have at least a major influence in decision making for IT. In the US, 408 ITDMs were surveyed among companies with at least $200 million in revenue with 102 from the health care industries, 102 from financial industries, 102 from retail industries and 102 from other industries. Roughly 100 ITDMs were interviewed in the UK (103), Germany (102), Japan (102), and ASEAN (103) from companies that have at least $100 million in revenue. ASEAN countries were defined as Singapore, Malaysia, Indonesia, Thailand, and the Philippines. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated.