A new SANS survey finds that organizations are putting more sensitive customer-related data, particularly personally identifiable information (PII) and healthcare records in the cloud than ever. This and other data from the 2017 Cloud Security Survey will be released by SANS Institute in a two-part webcast on Tuesday, November 1 and Wednesday, November 2.
The survey of security practitioners finds that they continue to have major concerns about sensitive data. More than 60% worry about unauthorized access by outsiders, followed by insecure, unmanaged devices accessing sensitive info from the cloud, followed by breach of sensitive data by cloud personnel. This concern aligns with their implementation of top controls, in which more than 80% of respondents are utilizing VPN (to secure access), log management, and vulnerability management as their top three controls that work for cloud environments. Just under 80% are utilizing encryption, as well.
Respondents still believe they lack visibility, auditability and effective controls to actually monitor everything that goes on in their public clouds, with 55% indicating that they are hindered from performing adequate forensic and incident response activities by a lack of access to logs and underlying system and application details in cloud environments.
"The survey did find increased use of security controls within cloud provider environments and wider use of security-as-a-service (SecaaS) solutions to achieve in-house and external security and compliance requirements," says Dave Shackleford, SANS Analyst and author of the report. "But the acceptance of in-cloud controls and services continues to lag behind the pace of organizations moving assets into the cloud."
Subscribe to our newsletter for all the latest updates and special offers.
Click Here To view archive additions