CSA Survey: Security Pros Split on Whether Cloud Vendors Should Cooperate With Government

CAMPBELL, CA--(Marketwired - Aug 11, 2016) - Bitglass, the Total Data Protection company, in partnership with the Cloud Security Alliance, today released their report Mitigating Cloud Risks, based on a survey of 176 information security professionals. Bitglass and CSA found that more than one in three IT pros believe cloud providers should turn over encrypted data to government when asked. Government intervention aside, many organizations have experienced cloud security incidents, though these aren't the widespread breaches many anticipated -- the majority of incidents stem from inappropriate use of the cloud, led by unwanted external sharing and access from unmanaged devices.

"While hotly contested issues like government intervention remain open, major public cloud vendors have demonstrated that the cloud can be more secure than premises-based applications," said Nat Kausik, CEO of Bitglass. "The primary open concern is whether enterprises can put policies and controls in place to use the cloud securely."

"The decision as to whether or not an organization wants their cloud provider to turn over encrypted data to government when asked is one that all organizations should ask themselves as they make the move to the cloud," said John Yeoh, Senior Research Analyst of CSA. "It is also a critical question organizations should be asking of their cloud providers, as part of a comprehensive assessment of cloud providers' security controls. The more information and policy detail that can be clearly spelled out up front, the greater the chance that an organization will have a successful, long term relationship with their cloud provider."

Mitigating Cloud Risks explores how organizations are securing cloud applications, their plans to improve visibility in the cloud, and top security threats, including unsanctioned apps and external sharing.

Key Findings:

• 35 percent believe cloud app vendors should be forced to provide government access to encrypted data while 55 percent are opposed. 64 percent of US-based infosec professionals are opposed to government cooperation, compared to only 42 percent of EMEA respondents.
• Most organizations have experienced some cloud security incident, with 59 percent related to unwanted external sharing and 47 percent involving access from unauthorized devices.
• Cloud visibility is lacking -- less than half (49 percent) of organizations know even the basics, such as where and when sensitive data is being downloaded from the cloud.
• Cloud Access Security Brokers (CASBs) are on the rise. 60 percent of organizations have deployed or plan to deploy a CASB, with data leakage prevention cited as the most important capability.
• Few have taken action to mitigate Shadow IT threats, with 62 percent relying on written policies rather than technical controls.

To view the complete report, visit: bitglass.com/csa-cloud-threats-report/

About Bitglass
Bitglass' Cloud Access Security Broker (CASB) solution provides enterprises with end-to-end data protection from the cloud to the device. It deploys in minutes and works with any cloud app on any device. Bitglass protects mobile devices without the hassles of MDM and enables enterprises to enforce corporate data security policies across apps like Office 365, Salesforce, and Exchange. Bitglass, based in Silicon Valley, was founded in 2013 by a team of industry veterans with a proven track record of innovation and execution.

About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders.