Survey Finds CEOs, Boards Getting Increasingly Involved in Security Policy

Netskope recently announced the results of a survey of 100 2015 RSA Conference attendees, which found that 69 percent of respondents’ CEOs or boards of directors had queried their security teams regarding specific security policies in the wake of recent high-profile breaches.

Those queries covered a variety of topics — 28 percent were focused on cloud or SaaS technologies, while 27 percent were focused on mobile device security and network security.

Almost two thirds of respondents said they have changed, or plan to change, cloud-specific security methods since the Anthem security breach — and more than half said their cloud-specific security methods have changed as a direct result of CEO or board-level conversations.

“As more information is disclosed and media follow every detail of mega breaches, there’s an incredible amount to learn,” Netskope CEO and co-founder Sanjay Beri said in a statement. “But for all the information available, we were curious to know if the impact of those breaches was enough for board members and CEOs to move the needle in the boardroom.”

“I’m encouraged knowing that recent high-profile data breaches have incited conversations between board-level decision-makers and security teams, and action is being taken to prevent similar breaches,” Beri added.

Separately, the April 2015 Netskope Cloud Report found that 13.6 percent of cloud app users have had their account credentials compromised, and almost a quarter of all logins to CRM apps come from compromised accounts.

The report also found that organizations now use an average of 730 cloud apps, almost 90 percent of which Netskope designates as “not enterprise-ready.”

“While there’s a more common understanding and acceptance of ‘shadow IT’ across organizations, there’s a corresponding rise in the volume of unsanctioned cloud apps in use,” Netskope’s Beri said in a statement.

“This should give IT pause, but it’s not a cause for mass panic,” Beri added. “Like it or not, this is the new reality for IT; it’s thus critical that organizations maintain a deep level of visibility and governance over their cloud app infrastructure so they can spot and mitigate a suspicious pattern before it becomes an issue.”

Last month, Bitglass announced the results of a survey that found that one third of IT and IT security practitioners said they’d suffered more security breaches with the public cloud than with on-promise applications — and fully 90 percent expressed concern over public cloud security.

Still, 38 percent of respondents said they store intellectual property in the cloud, 31 percent store customer data, 19 percent store sensitive financial data, and 8 percent store employee healthcare data in the cloud.

And last fall, a Ponemon Institute survey sponsored by SafeNet found that 44 percent of corporate data stored in cloud environments in not managed or controlled by the enterprise’s IT department.

“While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud,” SafeNet chief strategy officer Tsion Gonen said in a statement at the time.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles