Innovation and changeCloud ComputingSecurity pros split on whether cloud vendors should co-operate with government

Security pros split on whether cloud vendors should co-operate with government

Security professionals split over whether cloud suppliers should co-operate with governments by providing access to encrypted data

A new survey has revealed that information security professionals are split over whether cloud suppliers should co-operate with governments by providing access to encrypted data.

The Mitigating Cloud Risks survey, conducted by data protection company Bitglass along with the Cloud Security Alliance, found that more than one in three IT pros believe cloud providers should turn over encrypted data to government when asked.

Government intervention aside, many organisations have experienced cloud security incidents, though these aren’t the widespread breaches many anticipated – the majority of incidents stem from inappropriate use of the cloud, led by unwanted external sharing and access from unmanaged devices.

Key findings from the survey include:

  • 35% believe cloud app vendors should be forced to provide government access to encrypted data while 55% are opposed. 64% of US-based infosec professionals are opposed to government cooperation, compared to only 42% of EMEA respondents.
  • Most organisations have experienced some cloud security incident, with 59% related to unwanted external sharing and 47% involving access from unauthorised devices.
  • Cloud visibility is lacking – less than half (49%) of organisations know even the basics, such as where and when sensitive data is being downloaded from the cloud.
  • Cloud Access Security Brokers (CASBs) are on the rise; 60% of organisations have deployed or plan to deploy a CASB, with data leakage prevention cited as the most important capability.
  • Few have taken action to mitigate shadow IT threats, with 62% relying on written policies rather than technical controls.

“While hotly contested issues like government intervention remain open, major public cloud vendors have demonstrated that the cloud can be more secure than premises-based applications,” said Nat Kausik, CEO of Bitglass.

“The primary open concern is whether enterprises can put policies and controls in place to use the cloud securely.”

“The decision as to whether or not an organisation wants their cloud provider to turn over encrypted data to government when asked is one that all organisations should ask themselves as they make the move to the cloud,” added John Yeoh, senior research analyst of CSA.

The full report can be viewed here.

Related Articles

Making the cloud a safe space

Cloud Computing Making the cloud a safe space

5d Guest Writer
Survey seeks the truth about public sector cloud implementation

Cloud Computing Survey seeks the truth about public sector cloud implementation

2w Austin Clark
Full 360-degree view needed to ensure transformation success

Change Management Full 360-degree view needed to ensure transformation success

3w Austin Clark
Don’t trap your apps: why the cloud isn’t just for native applications

Cloud Computing Don’t trap your apps: why the cloud isn’t just for native applications

4w Guest Writer
How local governments can keep up with cloud

Cloud Computing How local governments can keep up with cloud

1m Guest Writer
Advanced acquires cloud tech provider

Cloud Computing Advanced acquires cloud tech provider

1m Austin Clark
2020 digital vision: what does successful public sector transformation look like?

Cloud Computing 2020 digital vision: what does successful public sector transformation look like?

2m Guest Writer
£2.6bn spent and still no cigar for public sector cloud adoption

Cloud Computing £2.6bn spent and still no cigar for public sector cloud adoption

2m Guest Writer