63 Percent of Enteprises Use Advanced Tech Without Securing Sensitive Data


A recent survey of 1,105 senior security executives found that while 93 percent of respondents plan to use sensitive data in advanced technology environments (cloud, SaaS, big data, IoT and container) this year, 63 percent of those respondents are deploying those technologies without appropriate data security solutions in place.

The 2017 Thales Data Threat Report, Advanced Technologies Edition, issued in conjunction with 451 Research, also found that 59 percent of respondents expressed concern about security breaches due to attacks hitting cloud service providers, a drop from 70 percent of respondents last year.

"Most major cloud providers have larger staffs of highly trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDoS attacks that can plague on-premises workloads," 451 Research principal analyst Garrett Bekker said in a statement. "Perhaps as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning."

Still, 60 percent of respondents said they would increase their cloud deployments if cloud service providers offered data encryption in the cloud with enterprise key control.

Sensitive Data in SaaS and IoT Environments

Fifty-seven percent of respondents are now using sensitive data in SaaS environments, up from 53 percent last year. In those environments, respondents are most concerned about the security of online storage (60 percent), online backup (56 percent) and online accounting (54 percent).

Eighty-five percent of respondents are now using IoT technology, and 31 percent are using sensitive data in IoT environments. Just 32 percent of respondents say they're "very concerned" about the security of that data. Their leading concerns include protecting the sensitive data IoT generates (36 percent), followed by identifying that sensitive data (30 percent) and handling privacy concerns (25 percent).

As with the cloud, data encryption (56 percent) and digital birth certificates with encryption technology (55 percent) are respondents' preferred security options for IoT deployments.

"The digital world we live in, which encompasses everything from cloud to big data and the IoT, demands an evolution of IT security measures," Thales vice president of strategy Peter Galvin said in a statement. "The traditional methods aren't robust enough to combat today's complicated threat landscape."

"Fortunately, adopters of advanced technologies are getting the message -- as evidenced by the number of respondents expressing an interest in or embracing encryption," Galvin added. "Putting an 'encrypt everything' strategy into practice will go a very long way towards protecting these powerful, yet vulnerable, environments."

An Explosion of Cloud Apps

Separately, Symantec's 2H 2016 Shadow Data Report states that organizations use 20 times more cloud apps than they think they do -- the average enterprise, according to the report, has 928 cloud apps in use.

The report, based on an analysis of more than 20,000 cloud apps, 176 million cloud documents, and 1.3 billion emails, also found that 25 percent of all files stored in the cloud are broadly shared (i.e. to the public, to the entire organization, or to an external third party). Among those, the report states, 3 percent contain compliance related data, including PII, PHI and PCI.

"In file sharing applications PHI data leads the pack with 82 percent of all files at risk of exposure, followed by 43 percent of files containing PII and 42 percent of files containing PCI data," Symantec senior director Deena Thomchick wrote in a blog post analyzing the findings.

Similarly, 27 percent of all emails in the cloud are broadly shared -- and of those, 8 percent contain compliance related data.