Why CIOs Still ‘Fear’ Cloud And Big Data

by CXOtoday News Desk    Apr 06, 2015

cloud data

A large number of enterprise users are moving to cloud environments. Yet cloud environments (47%) are more of a risk to enterprise organizations than databases (37%) and file servers (29%), while cloud and big data concerns remain “genuine” and “deep rooted” according to a new study, which surveyed over 800 IT decision makers worldwide.

The numbers revealed worrying findings about why organizations were moving data into the cloud; almost half (46%) of respondents expressed concerns over ‘market pressures’ forcing them to use cloud services. In terms of key changes to increase the use of cloud services, 55% wanted encryption of data with enterprise key control on their premises; 52% wanted encryption of their organisation’s data within the service provider’s infrastructure, and 52% wanted liability terms for a data breach.

The stakes are high if something goes wrong with two in five (40%) organizations have experienced a data breach or failed a compliance audit in the last year.

“The cloud and big data survey results demonstrate that there is both hope and fear when it comes to cloud and big data technologies,” said Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report – Global Edition. “This fear can lead to slow implementation of these platforms, which stymies innovation and growth. But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control.”

Focus on the Cloud

Although these numbers indicate that the benefits from cloud platforms are driving adoption, most IT decision makers have concerns about relinquishing security and control when they deploy cloud technology. 46 % express concerns that market pressures are forcing them to use cloud services. Cloud environments (46 %) outpace databases (37 %) and file servers (29 %) as the location perceived as being the greatest risk by enterprise organizations. Additionally the risks associated with big data initiatives (31 %) are now seen as greater than that of file server environments.

“The safety and security of cloud environments is a key concern for enterprises across the globe,” said John Engates, CTO of Rackspace. “The results of this report highlight the need for addressing the risk of data breaches and compliance in the enterprise. The Rackspace managed cloud can provide enterprise customers with security best practices to help them implement appropriate security measures to protect their data.”

When respondents were asked about the top data security concerns for cloud services, 82% note lack of control over the location of data, 79% cite increased vulnerabilities from shared infrastructure and 78% call out privileged user abuse at the cloud provider.

In addition, for cloud service providers who want to grow their enterprise business, the global respondents cited the top four changes that would increase their willingness to use cloud services, nearly half the CIOs asked for encryption of data with enterprise key control on their   premises. An equal number selected encryption of their organization’s data within the service provider’s infrastructure and also want service level commitments and liability terms for a data breach, while desiring explicit security descriptions and compliance commitment

“The data shows that U.S. IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, CEO of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry.  For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers.”

Focus on Big Data

Big data projects regularly rely on the cloud-based service delivery model to support high processing and data usage overheads, causing double jeopardy issues. Many security concerns with cloud deployments also apply to big data initiatives. Also, a meaningful proportion of the data involved is likely to be of a sensitive or even classified nature. Yet, big data projects are typically run off-premise using the cheapest and fastest options available. ASEAN respondents reported higher sensitive data use within big data environments than any other region (45%), while Japan is the most conservative (12%).

“59% of US survey respondents identified privileged users as the biggest threat to their organizations. Failure to adequately handle security requirements, especially around mission critical applications, places an enterprise at significant risk, exposing sensitive data to possible data breaches,” said Ravi Mayuram, SVP Couchbase Engineering. “With big data security at the top of every CIO agenda, every NoSQL deployment should protect sensitive data access for interactive, operational applications.”

The top three concerns in big data initiatives are sensitive information residing anywhere in the environment (41%), security of reports that include sensitive data (37%) and lack of security frameworks and controls within the environment (34%). It should be noted that privileged user access to protected data in the implementation ranked a close fourth at 32%.

As cloud and big data adoption further accelerates, these technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise. These risks are readily apparent to enterprise IT teams; in the survey, respondents cited security fears over employees, privileged users, survey providers and hackers.