Executives Worry About Government Snooping
By Bob Violino
More than 60 percent of 300 senior level IT and security executives recently surveyed by Voltage Security think the government snoops on their corporate data without their knowledge while it resides in the cloud.
In addition, three-quarters of the respondents said the inability to secure information across big data initiatives causes them concern. More than half (56 percent) admitted that these security concerns have kept them from starting or finishing cloud or big data projects.
The survey results indicate a critical need to protect sensitive information from exposure, regardless of whether the exposure is caused by malicious acts, inadvertent slips, surveillance operations or failure to implement protective controls or processes.
"Any sensitive information—including financial, customer and employee data or intellectual property—needs to be protected across the entire life cycle of that data," says Dave Anderson, a senior director at Voltage. "Any loss or exposure of that data can result in compliance or regulatory fines, loss of brand and reputation and, as the recent NSA events further validate, a loss of privacy around how we communicate and the content of those communications."
More than half of the survey respondents work for large enterprises that employ more than 5,000 people. They represent industries including financial services, retail, health care and insurance.
An organization's information security strategy should include proactive data protection controls that give the ability to supervise and manage how underlying data levels are secured through encryption, tokenization and data masking.
The emphasis on securing sensitive data, while at the same time maintaining regulatory compliance, is becoming even greater as a result of the surveillance activities over the last weeks, according to the report. Executives are growing stronger in their beliefs that security, privacy and compliance are not just a tactical activity that they have to do, but a strategic process that increases their organization's ability to securely communicate at all levels.
"Supervisory data protection controls can deliver and maintain compliance with sanctioned government regulations, and avoid any unnecessary ad hoc snooping and surveillance activities" Anderson says.
Privacy and security can be effectively balanced with regulatory compliance as part of a comprehensive data protection program. The ability to "de-identify" information—through encryption, tokenization or data masking—can provide effective mechanisms to secure sensitive data and determine how that data is communicated, used and managed, according to Voltage.
This strategy can provide an underlying foundation for data privacy, ensuring that the data level itself is secure, and that information can be accessed and used only by authorized individuals and the intended recipients.
As more organizations use the cloud for data processing and analytics, enhanced security and privacy will become a key requirement. One way to provide the needed levels of security to guard against data loss is through a data-centric security program.
"We believe that this approach, which can protect sensitive data across the entire data life cycle, can allow companies to leverage the benefits of cloud adoption and ensure that their sensitive data is protected from any prying eyes," Anderson says. "This approach can completely change the negative view of 62 percent of companies regarding the security of their data in the cloud."