According to a recent report, 93 percent of enterprises will use sensitive data in advanced technology environments this year (defined as cloud, SaaS, big data, IoT and container). However, 63 percent believe their organizations are deploying these technologies ahead of having appropriate data security solutions in place.
Data security and cybersecurity solutions supplier Thales last week announced these results and more in its 2017 Thales Data Threat Report, Advanced Technology Edition, issued in conjunction with analyst firm 451 Research.
Sensitive data use by advanced technology environment
Fears about cloud decreasing, SaaS usage increasing
While concerns about data security in cloud environments remain high, they’ve dropped off since last year. In 2016, 70 percent of respondents voiced worries about security breaches from attacks targeting cloud service providers (CSPs); in 2017, 59 percent expressed fears.
The second biggest concern, cited by 57 percent of respondents, is “shared infrastructure vulnerabilities,” followed by “lack of control over the location of data” (55 percent).
On the SaaS side, 57 percent of respondents report they are leveraging sensitive data in SaaS environments – up from 53 percent in 2016. When it comes to SaaS insecurities, respondents are most fearful about online storage (60 percent), online backup (56 percent) and online accounting (54 percent).
Garrett Bekker, principal analyst for Information Security at 451 Research says:
“Most major cloud providers have larger staffs of highly-trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDOS attacks that can plague on-premises workloads. Perhaps, as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning.”
Big data and IoT – big hype, big security threat?
Big data is a big topic of conversation – so it might be unsurprising to learn 47 percent of respondents are using sensitive data in big data environments. When it comes to security, respondents cite their top fear as “sensitive data everywhere” (46 percent), followed by “security of reports” (44 percent) and “privileged-user access” (36 percent).
IoT adoption is even higher, with 85 percent of respondents taking advantage of IoT technology and 31 percent using sensitive data within IoT environments. Despite IoT’s popularity, and despite the personal or critical nature of many IoT tools (medical and fitness devices; video cameras and security systems; power meters), only 32 percent of respondents report being “very concerned” about their data.
When pressed about their top fears, 36 percent of respondents cited “protecting the sensitive data IoT generates,” followed by “identifying sensitive data” (30 percent) and “privacy concerns” (25 percent).
Containers – the new (risky?) technology on the block
Although less than five years old, container environments have proven exceptionally popular. This year, 87 percent of respondents have plans to use containers, with 40 percent already in production deployment.
But similar to the emerging IoT environment (and owing to their relative immaturity), there remains a lack of enterprise-grade security controls in most container environments. Security is cited as the number one barrier to container adoption by 47 percent, followed by “unauthorized container access” (43 percent), “malware spread between containers” (39 percent), and “privacy violations resulting from shared resources” (36 percent).
Encryption the security strategy of choice for advanced technologies
While advanced technologies show great promise and business benefits, they are relatively young and in some cases, untested. Understanding this risk, respondents are gravitating towards a proven security control – encryption.
According to the report, 60 percent of respondents would increase their cloud deployments if CSPs offered data encryption in the cloud with enterprise key control. Data encryption (56 percent) and digital birth certificates with encryption technology (55 percent) are also listed as the two most popular security options for IoT deployments.
Rounding out the list is containers, with 54 percent of respondents citing encryption as the number one security control necessary for increasing container adoption.
Peter Galvin, VP of strategy, Thales e-Security says:
“The digital world we live in, which encompasses everything from cloud to big data and IoT, demands an evolution of IT security measures. The traditional methods aren’t robust enough to combat today’s complicated threat landscape. Fortunately, adopters of advanced technologies are getting the message – as evidenced by the number of respondents expressing an interest in or embracing encryption. Putting an ‘encrypt everything’ strategy into practice will go a very long way towards protecting these powerful, yet vulnerable, environments.”
According to Bekker at 451 Research, organizations interested in both taking advantage of advanced technologies and keeping data secure should strongly consider the following recommendations:
1. Re-prioritize your IT security tool set
- Cloud and SaaS break legacy IT security models – Data security with encryption and access controls across environments is required
- Service-based solutions and platforms that include automation are preferred for reduced costs and simplicity
2. Discover and classify
- Get a better handle on the location of sensitive data, particularly for Cloud, Big Data, Containers and IoT
3. Don’t just check off the compliance box
- Move beyond compliance to greater use of encryption and BYOK, especially for cloud and other advanced technology environments
4. Encryption and access control
Encryption needs to move beyond laptops and desktops
- Data center – File and application level encryption and access controls
- Cloud – Encrypt and manage keys locally, Bring Your Own Key (BYOK) technologies enable safe SaaS, PaaS and IaaS
- Big data – Encryption and access control within the environment
- Containers – Encrypt and control access to data (within containers and underlying storage)
- IoT – Use secure device ID and authentication, as well as encryption of data at rest on devices, back end systems and in transit to limit data threats