Sharp Increase in Cloud Data Security Concerns at RSA 2014

Posted by skyhighnetworks on April 9th, 2014

Surveying the show floor at RSA Conference last week, the largest security software conference, Michelle Rhinds noted traffic has increased. “We’re seeing about a 20% increase in foot traffic on the expo floor, which means more people are talking to exhibitors about their security software offerings,” she said.

One of the biggest drivers of the increased focus on cloud data security at RSA is the NSA revelations by Edward Snowden last year. One of the programs contained in leaked documents obtained through the Snowden sought to place security vulnerabilities in commercial encryption software, so called “back doors” that would allow the NSA to decrypt data much more easily to perform surveillance.

RSA itself has come under fire due to allegations the company added backdoors into its popular commercial encryption software, receiving payments of $10 million from the NSA in exchange for adding the vulnerabilities.

Another topic at the show this year is cloud usage by employees, so-called Shadow IT. Shadow IT is an opportunity for the CIO and IT organization. Consider this fact: employees are voting with their feet by choosing to adopt technology that helps them be more productive and grow the business. In a sense, they’re crowdsourcing the selection process for new technology and providing a valuable service to the IT department. Instead of going through a lengthy procurement process that may end up selecting a technology that doesn’t work for the business, IT has an opportunity to partner with the business to enable and secure the cloud services already in use.

Once your company has visibility into what cloud services are in use and understands the enterprise-readiness of those services, you can enable the ones that make sense. Enabling services is about more than buying them for employees. Enablement involves using data on usage to shepherd employees onto low-risk providers, consolidating subscriptions using enterprise volume licenses, and responding proactively to enterprise needs not currently being delivered by IT.

“Ensuring cloud data security involves more than just secure encryption,” says Rhinds. She says large corporate clients are beginning to look at developing cloud adoption programs that systematize often ad hoc cloud responses and implementing a repeatable business process for cloud adoption and risk, IT can manage this transition like any other standard business process.

The activities she suggests serve as a foundation for incorporating cloud practices into existing IT programs. Rather than a one-time project, it requires continuous work to iteratively improve over time. By partnering with the business to achieve common goals, IT can be a driver of the cloud and ensure its adoption creates real business value without introducing an unacceptable level of cloud data security risks.

Author :
Skyhigh Networks, the Cloud Data Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/cloud-data-security/ or follow us on Twitter@skyhighnetworks.