 |
| Source: NTT. Padilla. |
A global survey by NTT* that included feedback from Hong Kong businesses has uncovered a number of 'after-shocks' since that revelation, says Len Padilla, VP of Product Strategy, NTT Communications Europe.
These after-shocks are:
• 88% of ICT decision-makers are changing their cloud buying behaviour, with over 38% amending their procurement conditions for cloud providers
• Only 5% of respondents now believe location does not matter at all when it comes to storing company data
• More than 31% of ICT decision-makers are moving data to locations where the business knows it will be safe
• Around 62% of those not currently using cloud feel the revelations have prevented them from moving their ICT into the cloud
• ICT decision-makers now prefer buying a cloud service which is located in their own region. In Hong Kong, about 69% respondents said they would prefer to work with Asia-Pacific providers.
• Just over half (52%) are carrying out greater due diligence on cloud providers than ever before
• One in six (16%) is delaying or cancelling contracts with cloud service providers
• More than 84% feel they need more training on data protection laws
"The results of this study paints a vivid picture of real concern for the sanctity of corporate data in the cloud," said Padilla. "A significant proportion of the ICT decision-makers polled said they are postponing or shelving cloud projects altogether. This view was most widely held in Hong Kong (23% of respondents)."
Hong Kong businesses are also planning to invest more in data security. Nearly six in 10 (58%) of respondents polled in the Chinese territory said they have audited their cloud suppliers’ security credentials, Padilla added.
"One key finding stood out – that is, on-going security measures are core to any organisation’s success in meeting short-term security challenges and address the future direction of information security," he said. "The challenge however is that for too long we have addressed security issues with the same old world thinking. The cloud is different - it requires a seamless approach to security and risk management that understands and can actively manage the new virtual perimeter by providing ‘active clouds’. This means having clouds that have information security and risk management built into them, and are not simply a replication of the defence-in-depth strategies that have failed to reduce incidences, or a focus on trying to determine a pattern or signature, which is no longer effective.
"If we embed information security and risk management into active clouds we can start to determine what is good and only allow this to take place – so to only allow documents that are proven to be uninfected; to only accept connections from individuals and devices that have been authenticated; and to use big data to provide not only information on what people are buying but also what they are doing."
The trend is towards long-term infiltration, but companies are not prepared for it, Padilla warned. "It’s crucial that businesses address the eroding perimeter. The threat is shifting and the perimeter is becoming vastly different than traditionally envisioned. Take note to use patch management and anti-virus programs to maintain a last defense, however small the perimeter becomes. When combined with accurate asset inventories and escalation SLAs, these basic controls can help businesses limit risk from well-known vulnerabilities and the most common attack vectors."
NTT maintains a number of data centres worldwide, and Padilla says the company's WideAngle Managed Security Services (MSS) is key to ensuring that customer data stays safe. "The visibility customers get to real and potential threats through an MSS model that offers global threat intelligence and shared knowledge and systems means organisations can take the right action at the appropriate time and get more from their existing security investment," he said.
*NTT Communications surveyed 1,000 ICT decision-makers in large companies in France, Germany, Hong Kong, the US and the UK. Sixty percent of respondents were drawn from businesses with 1,000 employees or more, representing sectors including financial services, retail, manufacturing, professional services, ICT, and energy. The survey was completed in March 2014.
No comments:
Post a Comment