Cyber-Ark’s fifth annual "Trust, Security and Passwords" report surveyed 1,422 IT staff and C-level professionals across North America and Europe, the Middle East and Africa (EMEA), and found that nearly one in five C-level respondents admit insider sabotage had occurred at their workplace. Another 16% believe that competitors may have received highly sensitive information or intellectual property--including customer lists, product information and marketing plans--from sources within their own organization.
The biggest cloud security challenge revolves around visibility and availability, says Pironti. Vendors are putting out a multitenant strategy, including shared storage, and telling users not to worry about how it works.
That attitude contradicts the trends of the last five-plus years toward good governance, with appropriate metrics and monitoring. "We want to know when somebody is affecting our data." The solution is a trust-but-verify model, putting checks and balances in place, he says.
Cloud service and technology vendors must show how they do can do this better than the competition, when everybody is pretty much using the same technology, he adds, saying it gets worse because the adversaries have defeated most of the technologies that they say can protect us.
Want more good news? Pironti says while visibility and availability remain problematic in the cloud, the very existence of the cloud bringing together huge amounts of data will attract more predators. The cloud becomes jump points for people to attack other systems, and they will also use them as factories for attacks.
"Now we're empowering the adversaries." That's the double-edged nature of technology, he says. It can be used for both "good" and "bad" purposes.
See more on this topic by subscribing to Network Computing Pro Reports Research: 2011 Strategic Security Survey (subscription required).
