Most, 93pc of respondents will use sensitive data in an advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year, according to the 2017 Thales Data Threat Report, Advanced Technology Edition, issued with analyst firm 451 Research. A majority of those respondents (63pc) also believe their organisations are deploying these technologies ahead of having appropriate data security.
Fears
While concerns about data security in cloud environments remains high, they’ve dropped off since last year. In 2016, 70pc of respondents voiced worries about security breaches from attacks targeting cloud service providers (CSPs); in 2017, 59pc expressed fears. The second biggest concern, cited by 57pc of respondents, is ‘shared infrastructure vulnerabilities’, followed by ‘lack of control over the location of data’ (55pc). On the SaaS side, 57pc of respondents report they are leveraging sensitive data in SaaS environments – up from 53pc in 2016. When it comes to SaaS insecurities, respondents are most fearful about online storage (60pc), online backup (56pc), and online accounting (54pc).
Garrett Bekker, principal analyst for Information Security at 451 Research says: “Most major cloud providers have larger staffs of highly trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDOS attacks that can plague on-premises workloads. Perhaps as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning.”
Big data and IoT
Big data is a big topic of conversation – so it might be unsurprising to learn 47pc of respondents are using sensitive data in big data environments. When it comes to security, respondents cite their top fear as ‘sensitive data everywhere’ (46pc), followed by ‘security of reports’ (44pc) and ‘privileged user access’ (36pc).
IoT adoption is higher, with 85pc of respondents taking advantage of IoT technology and 31pc using sensitive data within IoT environments. Despite IoT’s popularity, and despite the personal or critical nature of many IoT tools (medical and fitness devices; video cameras and security systems; power meters), only 32pc of respondents report being ‘very concerned’ about their data. When pressed about their top fears, 36pc of respondents cited ‘protecting the sensitive data IoT generates’, followed by ‘identifying sensitive data’ (30pc) and ‘privacy concerns’ (25pc).
Containers
Although less than five years old, container environments have proven popular, the survey sugegsts. Some 87 percent of respondents have plans to use containers this year, with 40pc already in production deployment. But similar to the emerging IoT environment (and owing to their relative immaturity), there remains a lack of enterprise-grade security controls in most container environments. Security is cited as the number one barrier to container adoption by 47pc, followed by ‘unauthorised container access’ (43pc), ‘malware spread between containers’ (39pc), and ‘privacy violations resulting from shared resources (36pc)’.
While advanced technologies show promise and business benefits, they are relatively young and in some cases, untested, the firm adds. Understanding this risk, respondents are gravitating towards a proven security control – encryption. According to the report, 60pc of respondents would increase their cloud deployments if CSPs offered data encryption in the cloud with enterprise key control. Data encryption (56pc) and digital birth certificates with encryption (55pc) are also listed as the two most popular security options for IoT deployments. Rounding out the list is containers, with 54pc of respondents citing encryption as the number one security control necessary for increasing container adoption.
Peter Galvin, VP of strategy, Thales e-Security says: “The digital world we live in, which encompasses everything from cloud to big data and the IoT, demands an evolution of IT security measures. The traditional methods aren’t robust enough to combat today’s complicated threat landscape. Fortunately, adopters of advanced technologies are getting the message – as evidenced by the number of respondents expressing an interest in or embracing encryption. Putting an ‘encrypt everything’ strategy into practice will go a very long way towards protecting these powerful, yet vulnerable, environments.”
