Security Experts Differ on Government Cooperation
When it comes to data protection and government cooperation, the opinions run the gamut, especially when the people being asked are security experts in the IT sector. The revelations by Edward Snowden created an environment of mistrust for government organizations that will probably not soon subside. And a new report by Bitglass in collaboration with the Cloud Security Alliance (CSA) pretty much validates those feelings, even though the opinions vary according to geographical regions.
The report, Mitigating Cloud Risks, surveyed 176 information security professionals in the Americas, EMEA and APAC regions across a wide range of industries and level of responsibility. The organizations in question had employees ranging from hundreds to more than 50,000 in different countries.
When it came to government intervention, the question was asked how far cloud vendors should be forced to go. A surprising 35 percent said vendors should be forced to build capabilities to decrypt data specifically for law enforcement purposes. However, there was another 12 percent who had a stronger opinion in this matter, they said vendors should be forced to use government mandated encryption algorithms. Another 13 percent suggested tracking the movement and location of the data.
For organizations using cloud services, it is extremely important to find out where the company stands when it comes to turning over data to the government.
John Yeoh, Senior Research Analyst of CSA, explains it further by saying, "The decision as to whether or not an organization wants their cloud provider to turn over encrypted data to government when asked is one that all organizations should ask themselves as they make the move to the cloud."
He goes on to say, "It is also a critical question organizations should be asking of their cloud providers, as part of a comprehensive assessment of cloud providers' security controls. The more information and policy detail that can be clearly spelled out up front, the greater the chance that an organization will have a successful, long term relationship with their cloud provider."
As for the different regions, 64 percent of professionals are opposed to government cooperation in the Americas, compared to 42 percent in the EMEA – no data was available for APAC.
In addition to these data points, the report also revealed most of the organizations in the survey had experienced a cloud security incident, with 59 percent related to unwanted external sharing and 47 percent involving access from unauthorized devices.
With the increased adoption of cloud services, the problem of security will remain a challenge. Another report released by Crowd Research Partners and leading cloud security vendors, including Bitglass surveyed, 2,200 global cybersecurity professionals revealed cloud security concerns are evolving with the increasing adoption of cloud computing. More than eight in 10 or 84 percent of the respondents were dissatisfied with traditional security tools when applied to cloud infrastructure.
Even though cloud security has improved, it is still the top barrier for cloud adoption because traditional security tools don't completely address the challenges cloud infrastructures face.
Edited by Peter Bernstein