More than half (62 per cent) senior-level IT and security people thought the Government snoops on their corporate data, without their knowledge, while it resides in the cloud. So an industry survey suggests.
Over half of respondents in the survey by Voltage Security work for organisations employing more than 5,000 people, representing financial services, retail, healthcare and insurance industries. According to Voltage these results indicate the need to protect sensitive information from exposure, regardless of whether the exposure is caused by a malicious act, an inadvertent slip, a surveillance operation or a failure of protective controls or processes.
Dave Anderson, Voltage Senior Director says: “Any sensitive information, including financials, customer and employee data or intellectual property needs to be protected across the entire lifecycle of that data. Any loss or exposure of that data can result in compliance or regulatory fines, loss of brand and reputation and, as the recent NSA events further validate, a loss of privacy around how we communicate and the content of those communications.”
According to the IT security firm people are growing stronger in their beliefs that security, privacy and compliance are not just a tactical, ‘check the box’ activity that they have to do, but rather is a strategic process that adds value in their ability to securely communicate.
“Supervisory data protection controls can deliver and maintain compliance with sanctioned government regulations, and avoid any unnecessary ad-hoc snooping and surveillance activities”, says Anderson.
Privacy and security can be balanced with regulatory compliance as part of a data protection programme, the company suggests. The ability to “de-identify” information, either through encryption, tokenization or data masking capabilities, provide mechanisms it is claimed to secure sensitive data, how that data is communicated, used and managed.
As more organisations use the cloud for data processing and analytics, the only way to provide the necessary levels of security to guard against data loss, through surveillance, a malicious attack, or an inadvertent disclosure, is through a data-centric security programme, according to the firm. “We believe that this approach, which can protect sensitive data across the entire data lifecycle, can allow companies to leverage the benefits of cloud adoption, and ensure their sensitive data is protected from any prying eyes. This approach can completely change the negative view of 62 per cent of companies regarding the security of their data in the cloud,” adds Anderson.
For more information, visit www.voltage.com.
