Featured Article from Software Monetization
SafeNet Research and Ponemon Institute Find IT is Losing the Battle on Cloud Security
With Halloween approaching things tend to take on a spooky flavor. Such is unfortunately the case as it turns out when it comes to IT’s efforts to deal with security issues relating to the cloud, according to new research security solutions provider SafeNet (News - Alert) commissioned by the Ponemon Institute. The study, titled “The Challenges of Cloud Information Governance: A Global Data Security Study,” surveyed more than 1800 IT and IT security professionals worldwide, and if are an IT professional you should be a bit spooked by the findings.
At a high level here is what the survey found:
- IT departments find it difficult to control corporate data in the cloud as more than 40 percent of corporate data stored in the cloud is not managed by corporate IT.
- Companies lack a single point of accountability when it comes to data security in the cloud.
- Conventional data security measures are more difficult in the cloud with more organizations turning to encryption and multi-factor authentication to secure data.
In short, what the researchers found is that a majority of IT organizations are kept in the dark when it comes to protecting corporate data in the cloud. This is more than just highlighting the security issues regarding “Shadow IT” activities by LOB employees seeking ways to use apps that IT has yet to certify for use, it highlights the increased risks to organizations that such lack of visibility and control can create.
Before getting to some of the findings and recommendations an infographic from the researchers tells it all.
Cloud security concerns are getting the best of IT
Among the key findings were the following:
- Only 38 percent of organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.
- As noted above, 44 percent of corporate data stored in cloud environments is not managed or controlled by the IT department.
- The aggregated total shown in the infographic is that 71 percent of respondents say it is more difficult to protect sensitive data in the cloud using conventional security practices. They also agree that the types of corporate data stored in the cloud, such as emails, and consumer, customer, and payment information, are the types of data most at risk.
- Nineteen percent of respondents are very confident they know about all cloud computing applications, platforms, or infrastructure services in use in their organizations today.
“The findings reveal that global organizations are struggling to secure data in the cloud due to the lack of critical governance and security practices in place,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute (News - Alert). “To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication.”
Encryption, multi-factor authentication seen as strong alternatives
On the less spooky side of things there was additional food for thought on the use of encryption and multi-factor authentication as tools for protecting enterprise data when on the move. The survey results that are food for thought on this critical subject include:
- 48 percent say it’s more difficult to control or restrict end-user access to cloud data.
- 34 percent of respondents say their organizations already have a policy in place that requires the use of security safeguards such as encryption as a condition for using certain cloud computing resources.
- 71 percent say the ability to encrypt or tokenize sensitive or confidential data is important
- 79 percent say it will become more important over the next two years.
In addition, when it comes to cloud security currently adoption of better practices is at least directionally correct: 43 percent say their organization is using private data network connectivity; 39 percent say their organizations use encryption, tokenization or other cryptographic tools to protect data in the cloud. Disturbingly, 33 percent say they don’t know what security solutions they use. However, the encouraging news is that 29 percent say they use premium security services provided by their cloud provider.
There is further granularity in the survey regarding safeguards that is more than worth a read. This was commented on by Tsion Gonen, chief strategy officer, SafeNet, who noted “While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud.” He added, “And as we’ve seen in 2014 with a raft of record-breaking data breaches, organizations are attacked frequently from different angles. In order to mitigate risk, there needs to be focused coordination and new approaches to securing data in the cloud, and IT needs to be at the center of this migration.”
Recommendations for Data Security in the Cloud
So much for the trick, the authors did provide a treat in the form of some recommendations for those with concerns as to what to do to mitigate cloud security risks. They were:
- The role of IT organizations is changing and they need to adapt to the new realities of cloud IT by educating employees on security, setting comprehensive policies for data governance and compliance, creating guidelines for the sourcing of cloud services, and establishing rules for what data can and cannot be stored in the cloud.
- IT organizations can accomplish their mission to protect corporate data while being an enabler of “Shadow IT” by implementing data security measures such as “encryption-as-a-service” that allow them to manage the protection data in the cloud in a centralized fashion as their internal organizations source cloud-based services as needed.
- As companies store more data in the cloud and utilize more cloud-based services for their employees, IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication. This is even more important for companies that give third-parties and vendors to access their data in cloud. Multi-factor authentication solutions can be managed centrally to provide more secure access to all applications and data whether in the cloud or on-premises.
As we head toward the gift-giving season, the list above is something worth considering. After all the gift of peace of mind is one that keeps on giving.
In several previous articles and during many of the webinars I have moderated on the subject, the case has been made that when properly implemented, e.g. with enhanced encryption and strong authentication, in many ways the cloud is actually more secure than relying on legacy solutions for protecting data, both at rest and on the move. Indeed, it is one of the reasons why there is so much interest in premium services being provided by cloud solutions providers in general and security as a service (that other SaaS (News - Alert)) solutions in particular.
The cloud does not have to be a scary place. Happy Halloween!
Edited by Maurice Nagle
Software Monetization eBooks
Featured Case Studies
- Apollo Communications Protects its Intellectual Property and Enforces Software Licensing with Gemalto Sentinel
- Cadac Group Cuts Operational Expenses & Gains Licensing Flexibility with Gemalto Sentinel
- Sentinel LDK Assures Revenue, Expands Licensing Flexibility, and Reduces System Management Costs for CAD Software Company
- Softing Industrial Automation Works with Gemalto Sentinel to Monetize the IoT
- Miko Maximizes Software Revenue & Reduces Operational Expenses with Gemalto Sentinel
- Xsens Technologies Streamlines Operations & Expands Revenue with Sentinel
- Structural Test and Monitoring Software Protected by Sentinel Integrated with NI LabVIEW
- Seize the IoT Opportunity
- Format International Replaces Inflexible Software Protection and Licensing Dongles with Sentinel LDK with EMS
- Envitrans Reduces Software Piracy & Expands Revenue with Sentinel LDK and Sentinel EMS Business Challenges
- Snell Protects Valuable IP and Streamlines Licensing Operations with Sentinel RMS & EMS
- Following Several Acquisitions, Sage Implements Sentinel RMS to Harmonize a Multitude of Disparate Licensing Systems- existing on site now
- With SafeNet Sentinel, AEOL Protects their Market-leading Training Software while Driving Back-office Efficiencies- existing on site now
Featured White Papers
- Frost & Sullivan - Penny Wise, Pound Foolish: The Fallacies of Choosing to Build vs Buy a Software Monetization System
- NEW! Frost & Sullivan - Competitive Analysis of the Software Licensing and Monetization Market
- NEW! IDC Cloud-Based Software Adoption Delivering Value to Customers
- Frost & Sullivan - Get Connected to Profit: Embracing Software Propels Growth in IoT Era
- More Variety with Less Cost: Using Software Features to Achieve Product Differentiation
- Monetizing the IoT: Show Me the Money: A Grey Heron white paper sponsored by Gemalto
- Cloud-Based Software Licensing - A THINKstrategies white paper: Enabling Operational Efficiency, Delighted Customers and Sustainable Competitiveness
- Consolidating Software Licensing Technologies Post M & A: A survival guide for software publishers & intelligent device manufacturers
- 5 Tips for Software Monetization in the IoT
- IDC Supporting Software Business Transformation with Systems Designed for the Task
- How to Achieve a Cloud-Connected Experience Using On-Premise Applications
- IDC Meeting Customer and Business Needs in a Changing Market
- NEW! Cloud-Based Software Licensing: Enabling Operational Efficiency, Delighted Customers and Sustainable Competitive Advantage
- NEW! Pricing Model Flexibility as a Competitive Advantage
- NEW! Monetizing IoT - Show me the Money
- NEW! Monetization Strategies and Technologies to Future-proof Your Business