- 14 December 2012 15:16
SafeNet: Organisations Would Move to the Cloud If Data Protection Concerns Were Addressed
SafeNet polls over 100 ANZ IT Leaders on cloud security concerns.
60% of organisations are using cloud services but these are mostly SaaS, not IaaS or PaaS.
The top three concerns for data protection in the cloud are data isolation (63%), the use of strong authentication (61%) and data encryption (59%).
52% of participants want physical ownership of their own encryption keys.
Sydney, Australia – 14 December 2012 – SafeNet, a global leader in information security, announced that less than 20% of organisations polled in Australia and New Zealand are currently using Infrastructure-as-a-Service or Platform-as-a-Service cloud technologies but more would do so if their information was protected. While 60% of 123 senior IT professionals surveyed said their organisations are using some sort of cloud service, these were mostly Software-as-a-Service applications, with only 13% of organisations using IaaS and 6% of organisations using PaaS services.
Among concerns about data protection in the cloud, most important to organisations is the need to isolate their own data when using a cloud provider (chosen by 63% of respondents), the ability to secure access with the use of strong authentication (61% of respondents), encryption of high-value data itself (59%) and physical ownership of their own keys (52%).
According to Gartner Research (Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, 3Q12 Update, published on 24 September 2012), Australia's public cloud market will reach US$2.63 billion this year, and has a compound annual growth rate (CAGR) of 20.9 percent for the 5 year period through 2016. Worldwide spending in public cloud services is on the up, with an expected CAGR of 17.9 percent from 2011 to 2016.
As more information moves to private or public clouds, the number of users with access to an organisation’s data multiplies and risks associated with data leakage increases. Despite business drivers such as reduced costs and maintenance, and the ability to access business systems anywhere from any device, security for data in the cloud and virtual environments is a major concern for organisations. More than half of the respondents want to ensure that their information is protected and wish to maintain control over their own encryption keys. To address the data security issues and deliver control and governance of data in the cloud, SafeNet offers solutions that allow encryption of the data and secure access and control. With ProtectV and KeySecure, organisations achieve the same control and security level in their virtual environment as they had in their physical datacentre.
According to the survey, 84% of organisations are using password and user ID for user access control while 51% use strong authentication. Strong authentication is vital to maintaining access and control over information in the cloud. SafeNet recommends that organisations ensure that the correct user has authorisation to access information using multi-factor authentication as user name/password technologies do not provide enough security. SafeNet Authentication Service, for example, offers a fully automated, customisable cloud platform that can substantially reduce authentication-related operational costs through the elimination of manual tasks associated with provisioning, administration, billing and management of users and tokens. Service providers can manage their customers from a multi-tier, multi-tenant platform that is vendor-agnostic and will work with an organisation’s existing token technology, enabling a quick migration to a centralised cloud environment with minimal disruption to end-users.
“There is a vast need in Australia and New Zealand to move to cloud and virtualisation as they offer tremendous business benefits for organisations. However businesses and government entities must approach security differently than in the past. There are currently more threats due to the large amounts of data and access and control. SafeNet’s survey shows that organisations are thinking intelligently about their security. They want strong authentication, encryption and ownership of their own keys. SafeNet offers security solutions such as ProtectV and KeySecure that enable control, compliance and governance of critical data.”
– Vince Lee, Regional Director, Australia and New Zealand, SafeNet Inc.
Additional Survey Information
65% of respondents are from organisations with more than 1000 employees
19% of respondents are from government organisations
9% of respondents are from New Zealand
65% of respondents say access to business systems from anywhere, anytime, any device is driving their organisation to migrate applications to the cloud
51% of respondents need to use encryption technologies for compliance mandates such as PCI DSS
StorageSecure overview: http://www.safenet-inc.com/data-protection/storage-security/storage-secure/
KeySecure overview: http://www.safenet-inc.com/data-protection/key-management/key-secure/
ProtectV overview: http://www.safenet-inc.com/Products/cloud/SafeNet_Cloud_Security/
Follow SafeNet on Twitter, Facebook, YouTube and LinkedIn
Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organisations around the globe. SafeNet’s data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the datacentre to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance and secure virtual and cloud environments.
Sign up now »
Manage and visualize the security and compliance of VMware, physical, and hybrid-cloud infrastructure from the RSA Archer eGRC Platform.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.