Vormetric, a leader in enterprise data security for physical, big data, public, private and hybrid cloud environments, today announced the results of its cloud and big data focused edition of the 2015 Vormetric Insider Threat Report (ITR). The survey was conducted online on their behalf by Harris Poll in fall 2014 among 818 IT decision makers (ITDMs) in various countries, including 408 in the United States, and analysis was performed in conjunction with analyst firm Ovum. This report extends earlier findings in the global report and recent retail and financial research briefs with details about the impact of potential compromise of cloud platforms and big data environments, as well as the IT security practices that could most improve enterprise adoption.

60% of U.S. IT Decision Makers Surveyed Report Keeping Sensitive Data in the Cloud – 46% See This as a Top Risk: 2015 Vormetric Insider Report – Cloud and Big Data Edition

“The cloud and big data survey results demonstrate that there is both hope and fear when it comes to cloud and big data technologies,” said Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report Global Edition. This fear can lead to slow implementation of these platforms, which stymies innovation and growth. But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control.

With the vast majority of enterprises (80 percent) now making use of cloud environments (Source Ovum ICT Enterprise Insights Major Markets Technology Priorities, October 2013 a global study with 6,700 respondents), 54 percent of respondents globally reported keeping sensitive information within the cloud.With databases and file servers typically rated as top risks for storage of sensitive information, they are now also joined by big data environments with big data (31 percent) seen by ITDMs as slightly more at risk than file servers (29 percent).

Focus on the Cloud

Although these numbers indicate that the benefits from cloud platforms are driving adoption, most IT decision makers have concerns about relinquishing security and control when they deploy cloud technology. 46 percent express concerns that market pressures are forcing them to use cloud services. Cloud environments (46 percent) outpace databases (37 percent) and file servers (29 percent) as the location perceived as being the greatest risk by enterprise organizations. Additionally the risks associated with big data initiatives (31 percent) are now seen as greater than that of file server environments.

“The safety and security of cloud environments is a key concern for enterprises across the globe,” said John Engates, CTO of Rackspace. The results of this report highlight the need for addressing the risk of data breaches and compliance in the enterprise.The Rackspace managed cloud can provide enterprise customers with security best practices to help them implement appropriate security measures to protect their data.

When U.S. respondents were asked about the top data security concerns for cloud services:

• 82 percent note lack of control over the location of data
• 79 percent cite increased vulnerabilities from shared infrastructure
• 78 percent call out privileged user abuse at the cloud provider

In addition, for cloud service providers who want to grow their enterprise business, the global respondents cited the top four changes that would increase their willingness to use cloud services:

• 55 percent asked for encryption of data with enterprise key control on their premises
• 52 percent selected encryption of their organization’s data within the service provider’s infrastructure
• 52 percent also want service level commitments and liability terms for a data breach
• 48 percent desire explicit security descriptions and compliance commitment

“The data shows that U.S. IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, CEO of Vormetric. Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among U.S. respondents. For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers.

55% of IT Decision Makers want data encryption & key control from cloud service providers

Focus on Big Data

Big data projects regularly rely on the cloud-based service delivery model to support high processing and data usage overheads, causing double jeopardy issues. Many security concerns with cloud deployments also apply to big data initiatives. Also, a meaningful proportion of the data involved is likely to be of a sensitive or even classified nature. Yet, big data projects are typically run off-premise using the cheapest and fastest options available. ASEAN respondents reported higher sensitive data use within big data environments than any other region (45 percent), while Japan is the most conservative (12 percent).

“59% of US survey respondents identified privileged users as the biggest threat to their organizations. Failure to adequately handle security requirements, especially around mission critical applications, places an enterprise at significant risk, exposing sensitive data to possible data breaches,” said Ravi Mayuram, SVP Couchbase Engineering. With big data security at the top of every CIO agenda, every NoSQL deployment should protect sensitive data access for interactive, operational applications.

The top three concerns in big data initiatives are sensitive information residing anywhere in the environment (41 percent), security of reports that include sensitive data (37 percent) and lack of security frameworks and controls within the environment (34 percent). It should be noted that privileged user access to protected data in the implementation ranked a close fourth at 32 percent.

As cloud and big data adoption further accelerates, these technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise. These risks are readily apparent to enterprise IT teams; in the survey, respondents cited security fears over employees, privileged users, survey providers and hackers.

The survey results and research report are available from Vormetric and can be found here.