Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Varonis Comments on Cloud Encryption Report

Varonis Systems : 09 August, 2012  (Technical Article)
Data controls matter for organisations transferring confidential and sensitive information to cloud platforms
Varonis Comments on Cloud Encryption Report
Commenting on the new Ponemon report entitled `Encryption in the cloud', Varonis Systems agrees with the governance points raised, noting that, whilst the cloud brings with it a wealth of tangible economic and operational benefits, it also brings more than a few security conundrums.  David Gibson, VP of strategy with Varonis, says that the report confirms many of the security shortcomings of the cloud, although it is fascinating to see how a growing number of organisations are grasping the nettle - and tackling these shortcomings head on.

"It's interesting to hear that 50% of business are transferring sensitive or confidential data to the cloud - with a further third of survey respondents saying their organisations are very likely to transfer sensitive or confidential data to the cloud within the next two years.  For these organisations it's the controls that count -- data needs controls no matter where it lives, to keep it available, private, and to keep its integrity intact  Because organizations are giving up physical security by storing data the cloud, additional compensating controls are warranted, like strong encryption, for example, where the encryption keys are segregated from the cloud provider.  It is concerning to see that Twenty-two percent say the cloud provider is most responsible for encryption key management," Gibson said.

“It is, at the same time, worrying that 39% of organisations believe that the adoption of cloud technology has decreased their security posture – whilst almost two-thirds (64%) of firms who currently transfer sensitive or confidential data to the cloud believe their cloud provider has primary responsibility for protecting that data,” Gibson added.

Varonis recently conducted their own research into views on cloud storage and found that only 36% of respondents said their organizations are regularly using 3rd party file synchronization services, whist 78% would like to offer these services if they could offer them using their existing infrastructure. Furthermore, over half (57%) would be more open to offering access to personal devices (BYOD – Bring Your Own Device) if they could provide secure access to their internal file sharing infrastructure. This is understandable, especially as 57% of organizations report that over 25% of their employees work remotely at least some portion of their time.

Varonis also found that for organizations that do use file synchronization services only 9% of those using 3rd party collaboration services reported that they have created authorization and review processes for the data residing in the cloud; 46% report that they don’t know how access is granted or reviewed; 23% report that they are still developing access processes; 10% report that while access is granted by users, reviews are ad hoc or not performed at all; and an astonishing 12% report that they have no plans to manage access to cloud based file sync services.

The good news, says Gibson, is that most organisations can reap the many of the rewards of cloud-style collaboration – including ease of access from almost anywhere from any device and the benefits of high capacity storage – without sacrificing so much control, by extending their existing infrastructure to create cloud-like access.

This is not as strange as it first sounds, he adds, as a growing number of organisations – perhaps mindful of their overall security – are moving their data into private clouds, that is, remote servers that store only their data, and share no storage facilities with a third party. For them, he explained, economic advantages are tapered with the assurance of knowing they are not sharing resources with another organisation.

“For cloud-style file sharing, one option is an overlay application that effectively runs a secure, private cloud environment using existing corporate IT resources.  As well as answering many of the cloud security issues raised by this excellent report, this approach also gives users the collaboration experience that cloud servers provide, but within their own existing infrastructure. Varonis offer a free beta test version of the DatAnywhere software – supporting up to five users – from the Varonis’ Web site,” Gibson said.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo