Study: Sensitive Data Still Placed in Cloud
A cloud security study commissioned by IAM firm Symplified found that despite security risks, one third of enterprises store highly sensitive data in the public cloud, If anything, the findings reveal a glaring security gap between what users know they need and what they actually have. And partners will likely be called upon to fill those gaps as cloud adoption swells.
Send to Kindle
Yes, we all know the risks of eating junk food, smoking and not wearing seat belts. And yet, so many of us ignore the risks, often because we think that the consequences somehow won’t catch up to us.
The same mentality applies to security. A cloud study conducted by identity and access management services firm Symplified revealed that despite overwhelming security concerns, one third of enterprises place highly sensitive data in the public cloud.
Specifically, the findings were generated from an independent August 2012 study, titled “Access Management for the Extended Enterprise: A Timely Challenge,” conducted by Forrester Consulting and commissioned by Symplified.
Among the most significant findings was that while most enterprises had security concerns about the cloud, nearly a third of them already were storing their sensitive data, such as regulated financial (34 percent) and healthcare information (29 percent) in SaaS apps.
However, the study also showed that cloud security is becoming increasingly top of mind. And even when users are aware of the risks, implementing comprehensive identity and access management solutions still might be easier said than done. Nearly half of respondents doubt that their existing IAM infrastructure will be able to support cloud applications or provide single sign-on as a security mechanism. Altogether, 52 percent of enterprises say they were very concerned or somewhat concerned that their infrastructure was not current enough to support cloud IAM protocols.
Meanwhile, 38 percent say they have strong concerns that their existing IAM infrastructure was not compatible with their cloud IAM solution. And another 52 percent of enterprises say that they are concerned that their access request processes didn’t fit with their cloud IAM solution.
“This survey reveals that enterprises recognize the need for cloud identity and access management, but they’re concerned about their ability to integrate these capabilities within existing infrastructures,” said Brian Czarny, vice president of marketing for Symplified. “It’s also clear that supporting non-SAML apps is a big challenge, and that organizations want the ability to choose between cloud-based and on-premises security options.”
Perhaps once upon a time, cloud security -- and especially niche cloud solutions such as IAM mechanisms -- were pushed to the back burner as companies rabidly adopted cloud infrastructure to cut costs, increase productivity and accelerate efficiencies.
However, along with aggressive cloud adoption came an increasing number of high profile data breaches.
Earlier this summer, Wired reporter Mat Honan appeared to be on the receiving end of one such breach when a hacker infiltrated his iCloud account – possibly using a brute force attack -- in order to remote wipe all of his devices, including his iPhone, iPad and MacBook Air.
And a spate of attacks and compromises against online cloud storage and collaboration firm DropBox also served to underscore potential security risks -- further highlighted over the summer when an employee’s account was hacked in an effort to obtain customer e-mail addresses.
Granted, cloud security breaches are still relatively small in number, as the platform is still gaining ground and finding its place in a rapidly evolving market.
But if anything, the survey indicates that more users have a growing awareness of security issues associated with the cloud. That said, there remains a glaring security gap between what users know they need and what they actually have.
And that’s where the channel can clearly come in. The disparity between what users have and what they want sets the stage for partners to make an entrance with customers by conducting assessments on where they fall short in cloud security infrastructure.
From there, it’s not a far stretch for partners to introduce cloud security and access management solutions that integrate with existing infrastructure and interoperate with other systems. And that also paves the way for a host of related cloud-based IAM services that will serve to stretch their portfolios, and ultimately hike up their relevance in the market as cloud adoption continues to swell.