A new report by Vormetric, summarized today in Forbes, says that while close to 60% of IT decisionmakers are placing sensitive data in the cloud, nearly 89% feel that they are at least somewhat vulnerable to an insider attack, and 46% believe cloud environments are the storage location of greatest risk for data breaches.
In addition, concern over data breaches is eclipsing concerns over achieving and maintaining compliance, and the greatest perceived threat for data breaches is insider threats, which 93% of organizations felt they were vulnerable to.
44% of North American organizations have suffered a serious data breach or failed a compliance audit in the last 12 months.
The study results show that behavior with respect to data security is not in line with perceived risk, and in addition, it is not in line with actual risk, which trailed perceived risk only slightly on the average. While there are many potential reasons for this misalignment, in my experience the major causes among our prospective clients are:
- Perceived low cost of cloud hosting does not include the actual costs of maintaining data security
- Business pressures coupled with the ease of provisioning cloud resources take priority over security
- Security costs are high (both from a labor and software/service licensing perspective) and not coming down significantly
- There is confusion about what security measures are necessary to prevent actual threats
Matching the trends in the study, ENKI is seeing an increasing number of prospective clients who are prioritizing protection from data breaches and complying with insurance requirements for data breach protection above compliance, especially for organizations that keep sensitive data that is not covered by compliance requirements.
Our security offerings align closely with those the study identified as being most important to IT decisionmakers:
- 55% asked for encryption of data with enterprise key control, which ENKI provides as our inexpensive SecurVault service.
- 52% also want service level commitments and liability terms for a data breach, which ENKI provides as part of our BAA or contracts
- 48% desire explicit security descriptions and compliance commitments, which ENKI provides as part of our PrimaCare Gold Compliance services
We have assembled a suite of compliance tools and services that can be tailored to meet your exact requirements, whether they are meeting compliance requirements or defending against particular threats that you are concerned about. Coupled with our operations services, we can also reduce the number of people in your organization that are touching your cloud infrastructure who may have motives to improperly access privelege data. While we are an infrastructure cloud provider, we have realized that many of our clients need operations services (outsourced IT services) that are security-aware and can offload the challenges of meeting and maintaining security requirements from your team. Overall, we feel confident that we can provide a secure cloud solution for your application hosting needs, and work with your team to achieve your overall security goals.
Please contact us if this approach sounds interesting to you!