Should vendors be forced to give encrypted data to the government?
More than one in three IT pros believe cloud providers should be forced to give government access to encrypted data, according to the latest research study from the Cloud Security Alliance and data protection providers Bitglass.
The research, which appears in a report entitled Mitigating Cloud Risks, surveyed 176 information security professionals and found US-based respondents were more likely to be opposed to government information (64%) than their EMEA counterparts (42%). 10% of respondents said they didn’t care either way.
In terms of how far cloud vendors should go, 43% argued that data which was readily available should be provided, 32% said that vendors should be forced to build capabilities to decrypt data specifically for law enforcement purposes, while 12% said vendors should be forced to use government-mandated encryption algorithms.
The research also examined more general enterprise cloud security trends. 59% of organisations have reported cloud security incidents around unwanted external sharing, while 47% had incidents involving access from unauthorised devices, the report notes. Similarly, shadow IT remains an issue; 62% of those polled had written policies discouraging the use of unsanctioned apps, but the numbers outright blocking apps (38%) or using a proxy to redirect users (29%) is lower.
“While hotly contested issues like government intervention remain open, several years of experiences with major public cloud apps has demonstrated that the cloud can be more secure than on-premises applications,” said Nat Kausik, CEO of Bitglass in a statement. “The primary open concern is whether enterprises can put policies and controls in place to use the cloud securely.”
Previous research from Bitglass also examined potential security worries; in June the company warned of ‘MDM mayhem’, arguing through its research that a number of privacy issues occurred, from seeing employees’ personal email inboxes, to social accounts and banking details.
You can read more about the report here.
- » ANZ CIOs doing well on digital – but with a caveat, says Gartner
- » Cisco doubles down on Internet of Things strategy, introduces IoT Threat Defense
- » More than nine in 10 IT pros see automation as necessary across the enterprise
- » Signal Sciences raises $15m in series B round and launches ‘new category’ of web app security
- » The five primary benefits of embedded analytics