Business leaders struggle with cloud, big data and IoT security

New survey of enterprise leaders highlights concerns over security in new IT architectures as sensitive data moves to cloud, big data and IoT environments.

Call it the security conundrum.

Business leaders are racing to adopt new IT systems like cloud computing, big data and Internet of things (IoT), and yet at the same time express mounting concerns about the security of sensitive information in those environments.

A new survey of more than 1,000 enterprise leaders conducted by 451 Research on behalf of the security vendor Vormetric helps quantify the situation.

Eighty-five percent of respondents say that they have placed sensitive information in some type of cloud environment or intend to do so, up from 54 percent in last year's survey. Of those, 70 percent say that they are "very" or "extremely" concerned about a security breach at their cloud provider.

There is a similar disconnect with big data and IoT deployments.

An even half of respondents say that they have plans to put sensitive information in a big data environment, up from 31 percent last year, and a third say they are doing the same with an IoT system.

And yet concerns about data security, privacy and information moving around within a big-data or IoT deployment persist.

Security as an afterthought leaves businesses scrambling

The report suggests that the security concerns are the result of a land-rush mentality that has seen firms scrambling to set up new types of IT architectures without thinking through how their sensitive data will be protected in the cloud or a big data or IoT setting.

So security too often comes as an afterthought, says Vormetric CSO Sol Cates.

"There's a lot of catching up they're doing right now," Cates says. "The business is forcing them to get there quicker, and they're really trying to understand, how do I reduce these risks."

The three areas that the study evaluated might be the hot new topics in the tech sector, but the security concerns that they raise fit into reliable "historical patterns of IT evolution," according to Garrett Bekker, the author of the report and a senior analyst with 451 Research.

"Unfortunately," Bekker writes, "security considerations typically take a back seat to establishing a market presence, and only get their due either as a way to remove barriers to adoption or plug holes after the damage is done. Not surprisingly, then, we have observed a fairly strong positive correlation over time between the maturity of a specific computing model or resource, and the ability to secure that resource -- and cloud, big-data and IoT have followed a similar pattern."

So cloud service providers, as a class, might be further along in their security posture than firms specializing in big data or IoT services. However, Cates notes that it is difficult to disentangle the three, given that IoT systems are geared to produce large volumes of data, which in turn commonly reside on a cloud-based architecture.

The report suggests that enterprises are clinging to outdated security approaches focusing on endpoints and the network perimeter, when they would be better served by a data-driven strategy that would concentrate on securing the information itself through encryption and other tactics.

"To a large extent," Bekker writes, "both security vendors and enterprises are like generals fighting the last war."

Cates says that some of the challenge is organizational. Too often, he says, CIOs and CISOs work at cross purposes, with the former rushing to push out new technologies to support the business side of the enterprise, while the marginalized security unit operates in a vacuum.

"I think, in general, security teams in large organizations are misaligned with the business," Cates says. "There needs to be an alignment there."
