“I’ll document that later.”
“I’ll be sure to close that port when I’m done.”
“The CEO wanted to start using his new device right away.”
By Fred Donovan, FierceITSecurity.
Emphasis in red added by me.
Brian Wood, VP Marketing
Cloud security being left out of enterprise security policy, PwC survey finds
Only 18 percent of enterprises include cloud provisions in their security policy, yet close to half use cloud computing on a regular basis, according to a survey of 9,600 executives from around the world.
“This is surprising. You are taking your sensitive data and giving it to a third party and you don’t have controls over that data,” Mark Lobel, principal in PwC’s entertainment, media and communications practice with a focus on information security, told FierceITSecurity.
The survey was conducted by PricewaterhouseCoopers, CIO Magazine and CSO Magazine, and reported in the Global State of Information Security Survey 2014.
Enterprises should also consider encrypting data that they place in the cloud, as well as instituting strong authentication methods for accessing that data, Lobel advised.
“We have expanded the enterprise’s perimeter over the years. Now cloud is just a part of people’s infrastructure, so if you don’t have that perimeter, your identity management has become your new perimeter,” Lobel said.
According to the survey, only 41 percent of enterprises are inspecting outbound traffic to see what data is going out to the cloud and to the public Internet. Lobel stressed that inspecting outbound traffic is another cloud security measure that IT needs to put in place to understand what data is leaving the enterprise and where it is going.
On the mobile security front, only 42 percent of the respondents have a mobile security policy in place. Less than a third of enterprises actively prohibit employees from bringing personal devices to work, indicating that two-thirds permit some form of BYOD.
Only 39 percent of enterprises have put mobile device management software in place, yet deploying MDM is the first step in providing mobile security to the enterprise, Lobel opined.
“When it comes to BYOD and mobility, people have been busy implementing things before they have actually secured them. In the rush to take advantage of these new technologies, we haven’t stepped back and said, ‘Hey, are we doing this securely?’” Lobel said.