Story image

Security in the data center: Trust remains low

31 Oct 2016

Trust in the cloud amongst information security professionals continue to remain low, despite efforts by cloud service providers to tighten security.

The results from the second annual SANS Institute Cloud Security Survey show trust in the cloud is even less that it was last year.

According to the survey, 62% of respondents say they are concerned that unauthorised outsiders could access data stored on public cloud services, compared to just 40% last year.

In 2015, 33% of respondents said they lacked the tools and low-level access to usage data that would allow them to identify a data breach or do forensic analyses that would make incident response effective; 56% made the same complaint this year.

SANS analyst and survey author Dave Shackleford says InfoSec professionals seem to have accepted the ongoing migration to the cloud as inevitable, however, and are doing what they can to secure sensitive data and applications in the public cloud.

"InfoSec professionals recognise the flexibility and cost-effectiveness of the cloud as clearly as anyone else, but they are still concerned that the lack of tools and visibility makes it more difficult to secure data in the cloud," Shackleford says.

"Many are working in tandem with business unit managers to find new technologies and policy approaches to reduce that risk - which is a big reason more companies feel comfortable storing employee and customer data in the cloud,” he explains.

Overall, 48% of respondents' organisations store employee data in the cloud, and 24% store customer financial data there, the survey reveals. In addition, 27% use cloud-based email and messaging and 17% use collaboration or document management services in the public cloud.

"Cloud providers do offer more security tools for their own platforms, and some have expanded support of industry standard security frameworks and reporting methods to increase visibility and integration with customers' existing security tools,” says Shackleford.

For InfoSec professionals, however, Shackleford says the greatest challenges are still the limited ability to access data controls built into cloud platforms, integration with existing tools and the slow progress toward APIs or services to bridge the gap between internal and external security.

"By this time next year we hope to see a lot more support for third-party solutions, better access for forensic analysis, and more openness about the security controls and processes cloud providers use," Shackleford explains.

"Cloud providers are improving, but they're not moving fast enough to address the needs of enterprises that continue to migrate sensitive data into the public cloud," he says.

Storage is all the rage, and SmartNICs are the key
Mellanox’s Kevin Deierling shares the results from a new survey that identifies the key role of the network in boosting data centre performance.
Opinion: Moving applications between cloud and data centre
OpsRamp's Bhanu Singh discusses the process of moving legacy systems and applications to the cloud, as well as pitfalls to avoid.
Global server market maintains healthy growth in Q4 2018
New data from Gartner reveals that while there was growth in the market as a whole, some of the big vendors actually declined.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Huawei to deploy Open Rack in all its public cloud data centres
Tech giant Huawei has unveiled plans to adopt Open Rack proposed by the Open Compute Project in its new public cloud data centres across the globe.
Beyond renewables: Emerging technologies for “greening” the data centre
Park Place Technologies’ CEO shares his views on innovations aside from renewable energy that can slim a data centre’s footprint.
Interview: Cisco on digital transformation and data centres at the edge
"On-premise we speak English, Amazon speaks French, and Amazon and Microsoft speak something else. But someone has to translate all of that and Cisco is involved with normalising those rule sets.”
Flashpoint: APAC companies must factor geopolitics in cyber strategies
The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC.