Enterprises using IoT aren’t securing sensitive data – Thales

The adoption of advanced technology - IoT, cloud, big data and container environments - in enterprise continues apace despite security gaps

Enterprises using IoT aren't securing sensitive data - Thales

'The digital world we live in, which encompasses everything from cloud to big data and the IoT, demands an evolution of IT security measures. The traditional methods aren’t robust enough to combat today’s complicated threat landscape'

The 2017 Thales Data Threat Report issued in conjunction with analyst firm 451 Research revealed that 93% of enterprise respondents will use sensitive data in advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year.

A majority of those respondents (63%) also believe their organisations are deploying these technologies ahead of having appropriate data security solutions in place.

Fears about cloud decreasing, SaaS usage increasing

While concerns about data security in cloud environments remains high, they’ve dropped off since last year. In 2016, 70% of respondents voiced worries about security breaches from attacks targeting cloud service providers (CSPs); in 2017, 59% expressed fears.

>See also: Enterprise security in the connected devices age

The second biggest concern, cited by 57% of respondents, is ‘shared infrastructure vulnerabilities’, followed by ‘lack of control over the location of data’ (55%).

On the SaaS side, 57% of respondents report they are leveraging sensitive data in SaaS environments – up from 53% in 2016. When it comes to SaaS insecurities, respondents are most fearful about online storage (60%), online backup (56%), and online accounting (54%).

Garrett Bekker, principal analyst for Information Security at 451 Research said: “Most major cloud providers have larger staffs of highly trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDOS attacks that can plague on-premises workloads. Perhaps as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning.”

Big data and IoT: big hype, big security threat?

Big data is a big topic of conversation – so it might be unsurprising to learn 47% of respondents are using sensitive data in big data environments. When it comes to security, respondents cite their top fear as ‘sensitive data everywhere’ (46%), followed by ‘security of reports’ (44%) and ‘privileged user access’ (36%).

IoT adoption is even higher, with 85% of respondents taking advantage of IoT technology and 31% using sensitive data within IoT environments. Despite IoT’s popularity, and despite the personal or critical nature of many IoT tools (medical and fitness devices; video cameras and security systems; power meters), only 32% of respondents report being ‘very concerned’ about their data.

>See also: Forget insiders: third-party vendors are enterprise security’s achilles heel

When pressed about their top fears, 36% of respondents cited ‘protecting the sensitive data IoT generates’, followed by ‘identifying sensitive data’ (30%) and ‘privacy concerns’ (25%).

Containers: the new (risky?) technology on the block

Although less than five years old, container environments have proven exceptionally popular. 87% of respondents have plans to use containers this year, with 40% already in production deployment.

But similar to the emerging IoT environment (and owing to their relative immaturity), there remains a lack of enterprise-grade security controls in most container environments.

Security is cited as the number one barrier to container adoption by 47%, followed by ‘unauthorised container access’ (43%), ‘malware spread between containers’ (39%), and ‘privacy violations resulting from shared resources (36%)’.

Encryption the security strategy of choice for advanced technologies

While advanced technologies show great promise and business benefits, they are relatively young and in some cases, untested. Understanding this risk, respondents are gravitating towards a proven security control – encryption.

According to the report, 60% of respondents would increase their cloud deployments if CSPs offered data encryption in the cloud with enterprise key control. Data encryption (56%) and digital birth certificates with encryption technology (55%) are also listed as the two most popular security options for IoT deployments.

Rounding out the list is containers, with 54% of respondents citing encryption as the number one security control necessary for increasing container adoption.

>See also: How the Internet of Things is impacting enterprise networks

Peter Galvin, VP of strategy, Thales e-Security said: “The digital world we live in, which encompasses everything from cloud to big data and the IoT, demands an evolution of IT security measures. The traditional methods aren’t robust enough to combat today’s complicated threat landscape. Fortunately, adopters of advanced technologies are getting the message – as evidenced by the number of respondents expressing an interest in or embracing encryption. Putting an ‘encrypt everything’ strategy into practice will go a very long way towards protecting these powerful, yet vulnerable, environments.”

Organisations interested in both taking advantage of advanced technologies and keeping data secure should strongly consider:

· Deploying security tool sets that offer services-based deployments, platforms and automation.

· Discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments.

· Leveraging encryption and bring your own key (BYOK) technologies for all advanced technologies.

Comments (0)