The Top 10 Cloud Services in Government That Don’t Encrypt Data at Rest
Blog Article Published: 05/07/2015
By Cameron Coles, Sr. Product Marketing Manager, Skyhigh Networks

Sensitive data in the cloud is more widespread than you may think. Analyzing cloud usage for 15 million users, Skyhigh found that 22% of documents uploaded to file sharing services contained sensitive data such as personally identifiable information (PII), protected health information (PHI), or payment information. Far from being an isolated problem, 37% of file sharing users have uploaded sensitive data at some point.

For public sector organizations, the stakes are higher due to unique regulatory requirements, but all organizations struggle with visibility into the thousands of cloud services available and wide variance in security controls amongst them. A recent study found that two-thirds of US Federal government agencies failed to meet a June 2014 deadline to follow FedRAMP cloud security guidelines.

FedRAMP is just one way of assessing the security of cloud providers. Skyhigh assesses cloud providers across over 50 attributes of enterprise readiness including those found in the Cloud Security Alliance Cloud Controls Matrix. Of the 10,000+ cloud services in use today, just 9.4% meet the strict security and data privacy standards required to achieve the highest rating of “enterprise-ready” by Skyhigh’s CloudTrust Program.

However, in the last 12 months an increasing number of cloud services offer more robust security features and certifications. 1,459 services (17%) provide multi-factor authentication, as opposed to 705 last year; 533 (5%) are ISO 27001 certified, as opposed to 188 last year; and 1,082 (11%) encrypt data at rest, as opposed to 470 last year. The last statistic shows just how much room there is for improvement.

Security analysts say that information encryption is one of the best measures to protect organizations from a wide range of data leakage issues:
- If an attacker compromises the data, they will not be able to read it without the encryption keys
- Encryption removes the breach notification requirements for regulations like HIPAA
- Encrypting data can help satisfy cross-border data privacy requirements when data is stored in the cloud
- When organizations maintain control of their encryption keys, encryption prevents the cloud provider from viewing the information