Continued high profile breaches and the ever expanding threat landscape should be reason enough for data security to be amongst the biggest concerns for any organisation within the UK. As cloud, big data and IoT adoption accelerates, these technologies continue to bring new sets of unique risks to organisations. But what does this mean for UK businesses?
Because of the numerous practical and economic benefits to using cloud computing it was no surprise to see that, according to the Vormetric 2016 Data Threat Report, 85% of respondents are using sensitive data in the cloud, up from 54% last year, however, 65% of the UK respondents had concerns over security breaches of this data. The survey told a similar story for sensitive data within Big Data environments and IoT implementations. More people are continuing to adopt these technologies, yet uncertainty still lies in how to go about ensuring they are as secure as possible. In the UK it was revealed that only 10% of respondents preferentially select public cloud providers that offer native encryption!
A high level of concern is expected when considering the catastrophic effects a breach can have on an organisation, and it was encouraging to see that the majority of respondents will generally be investing more in cyber security than they did last year.
The recent hack of IoT fitness tracking wearable ‘Fitbit’ simply adds to the complexity surrounding these technologies and the security needed. Investigations found that the accounts that were accessed by an unauthorised party had 'leaked' credentials, compromised previously from other third-party sites, unrelated to Fitbit. It’s no longer enough just to secure our networks and endpoints. A lot of work needs to be done by both vendors and their enterprise customers before we can genuinely feel confident we are doing the right things.
In fact, 57% of respondents to this year’s survey cited “complexity” as the main barrier to adoption for data security, with “lack of staff to manage” (38%) a distant second. If data security hopes to emerge from the shadow of its network and endpoint security peers, the implicit message for data security vendors is to make products that are simpler to use and require less manpower to implement and maintain. This could point the way to greater acceptance of platform approaches as an alternative to point products, more automation and potentially more services-based delivery options for various forms of data security, such as encryption, key management and data loss prevention (DLP), to name a few obvious candidates.