UK CISOs fear security flaws in the public cloud, yet only one company in five encrypts all data

Nine in ten IT execs in the UK are concerned with the security of the public cloud, and almost 20% do not deploy security for sensitive data stored outside the company’s infrastructure, according to a recent Bitdefender survey. Half of those surveyed admit cloud migration has significantly expanded the size of the border they have to defend, while only one in five encrypts already migrated data.

These are some of the findings of a survey released by security firm Bitdefender. The study explores the pressures cloud migration places on 1,051 IT security professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany. As the EU’s General Data Protection Regulation (GDPR) goes into effect in May 2018, roughly eight months away, many organizations still find themselves struggling to comply. The new requirements include that data be protected adequately, and when breaches do occur, organizations had better have notification capabilities in place that align with GDPR standards.

The increasing adoption of hybrid cloud (a mix of public cloud services and privately owned data centers, already in place for 70 percent of companies on a global level) is giving rise to new security challenges and prompting CISOs to adopt different technologies to fight zero-day exploits, Advanced Persistent Threats, and other devastating types of cybercrime.

Hybrid cloud brings hybrid issues

Some 85 percent of CISOs say encryption is the most effective security mechanism to secure public-cloud-stored data, followed by security software (mentioned by 75 percent of respondents) and backups (trusted by almost half of those surveyed).

According to the survey, most US companies – a third – secure 31 to 60 percent of data stored in the public cloud, while only 21% encrypt all data stored there. Another area of concern is that 20 percent of CISOs do not deploy security in the public cloud, while a fifth do not encrypt data in transit from their own data center to an external one.

Bitdefender security specialists recommend that any data transfer between the client and the cloud service provider be encrypted to avoid man-in-the-middle attacks that could intercept and decipher all broadcast data. Beyond that, any data stored locally or in the cloud should be encrypted to make sure cybercriminals cannot read it in case of data breaches or unauthorized access.

To become GDPR compliant, companies need to identify data that falls under the regulation’s control (“any information relating to an identified or identifiable natural person”), document how this data is secured, and create incident response plans.

The survey also shows that 71 percent of IT decision makers use a security solution developed for endpoints to protect physical and virtual infrastructures, but 24 percent have implemented separate tools. Out of those, 79 percent do it to protect sensitive customer and consumer data, 70 percent cite compliance with internal and regulatory requirements, and 56 percent want to prevent service interruptions resulting from attacks.

The survey, conducted in May 2017 by Censuswide for Bitdefender, included 1,051 IT security purchase professionals from large enterprises with 1,000+ PCs and data centers, based in the US, the UK, France, Italy, Sweden, Denmark, and Germany.


This is a Security Bloggers Network syndicated blog post authored by Razvan Muresan. Read the original post at: Business Insights In Virtualization and Cloud Security