A PerspecSys study, conducted on the show floor of RSA Conference 2014, polled 130 security professionals about their organizations’ policies and attitudes as they relate to implementation of the cloud. An overwhelming 74 percent believe security for cloud-based data in 2014 will be a bigger concern than securing data on-premise.
In fact, 66 percent of security pros still view the cloud as more difficult to secure than on-premise options.
Despite a clear consumer shift towards productivity-enhancing cloud applications, many organizations have not taken the proper steps to ensure their data is safe:
- Almost 31 percent of respondents do not allow employees to access cloud applications such as Salesforce and DropBox from their mobile devices, but indicate employees do it anyway.
- 34 percent of organizations do not encrypt or use tokenization in the cloud.
- 31 percent of organizations do not have any significant security protocols in place for employees using cloud applications.
“Through the poll data, as well as the results of hundreds of conversations we had at our exhibition booth, we were surprised to see how few companies are putting protocols in place for employees using cloud apps, as they are nearly ubiquitous as productivity enhancers and can hold important data that an organization has a vested interest in protecting,” said David Canellos, CEO of PerspecSys.
“The data reinforces that simply blocking access isn’t an option, it’s time to be proactive and put long trusted security tools such as encryption and tokenization in place to make sure that no matter where your data is, it is protected,” Canellos added.
Gartner’s Stephen Kleynhans, research vice president, notes, “Enterprises must establish policies to manage the use of consumer-grade personal cloud tools, ensuring that appropriate information security and compliance controls aren’t being overlooked. IT organizations must also actively survey the user base to understand the motivation behind the tools’ use and ensure that advantageous functionality hasn’t been missed as part of official IT-supported enterprise user environments. IT organizations need to look for places where consumers are using personal cloud services and related apps, and understand the motivations, realizing there may be significant business value that has been missed by IT.”
The NSA, a major discussion point of this year’s RSA conference, is not to be blamed for this attitude, as nearly half of those surveyed indicated that recent headlines and media frenzy surrounding government activity have had no effect on their decision to use the cloud.