Dear Colleagues,
A very useful survey report has been produced by Thales e-Security and the Ponemon Institute on data security through encryption on the web 2.0, in particular cloud computing services such as SaaS (publication date: July 2012).
This report, which is part of a study entitled "2011 Global Encryption Trends Study", published in February 2012, can be downloaded from the site: www.ponemon.org.
This survey shows that responsibility for data security is shared between service providers and users.
Below are the main findings extracted from the report in question:
Enjoy your reading
Following is a summary of key findings relating to data protection,
encryption and key management activities in the cloud:
1. Currently, about half of all respondents say their organizations
transfer sensitive or confidential data to the cloud environment. Within the
next two years, another one-third of respondents say their organizations are
very likely to transfer sensitive or confidential data to the cloud. At 56 percent,
German companies appear to have the highest rate of sensitive or confidential
data transferred to the cloud.
2. Thirty-nine percent of respondents believe cloud adoption has
decreased their companies’ security posture. However, 44 percent of respondents
believe the adoption of cloud services has not increased or decreased their
organization’s security posture. Only 10 percent of respondents believe the
move to the cloud has increased their organization’s security posture. With
respect to country differences, results suggest that French organizations are
most likely to view cloud deployment as diminishing the effectiveness of data
protection efforts.
3. Forty-four percent of respondents believe the cloud provider has
primary responsibility for protecting sensitive or confidential data in the
cloud environment and 30 percent believe it is the cloud consumer. There are
also differences among countries as to who is most responsible. Sixty-seven
percent of French companies appear to be the most likely to hold the cloud
provider responsible for data protection activities. In contrast, 48 percent of
Japanese companies hold the cloud consumer primarily responsible for data
protection.
4. Companies that currently transfer sensitive or confidential data to
the cloud are much more likely to hold the cloud provider primarily responsible
for data protection. In contrast, companies that do not transfer sensitive or
confidential information to the cloud are more likely to hold the cloud
consumer with primary responsibility for data protection.
5. Sixty-three percent of respondents say they do not know what cloud
providers are doing to protect the sensitive or confidential data entrusted to
them. Once again, French respondents (76 percent) are least likely to say they
know what their cloud providers do to safeguard their organization’s
information assets.
6. In general, respondents who select the cloud provider as the most
responsible party for protecting data are more confident in their cloud
provider’s actual ability to do so (51 percent) compared to only 32 percent of
respondents who report confidence in their own abilities to protect data even
though they consider their own organization to be primarily responsible for
protecting data.
7. Where is data encryption applied? According to 38 percent of
respondents, their organizations rely on encryption of data as it is
transferred over the network (typically the internet) between the organization and
the cloud. Another 35 percent say the organization applies persistent
encryption to data before it is transferred to the cloud provider. Only 27 percent
say they rely on encryption that is applied within the cloud environment.
8. Among the companies that encrypt data inside the cloud, nearly 74
percent believe the cloud provider is most responsible for protecting that
data. However, only 34 percent of organizations that encrypt data inside their
organization prior to sending it to the cloud hold the cloud provider primarily
responsible for data protection.
9. Who manages the encryption keys when sensitive or confidential data
is transferred to the cloud? Thirty-six percent of respondents say their
organization is most responsible for managing the keys. Twenty-two percent say
the cloud provider is most responsible for encryption key management. Another 22
percent say a third party (i.e., another independent service provider) is most
responsible for managing the keys. Even in cases where encryption is performed
outside the cloud, more than half of respondents hand over control of the keys.
With respect to country differences, German organizations appear to be the
least likely to relinquish control of encryption keys to the cloud provider.
Companies in Australia and Brazil appear to be the most likely to transfer
control of encryption keys to the cloud provider.
10. Companies with the characteristics that indicate a strong overall
security posture appear to be more likely to transfer sensitive or confidential
information to the cloud environment than companies that appear to have a
weaker overall security posture. In other words, companies that understand
security appear to be willing and able to take advantage of the cloud. This
finding appears to be at odds with the common suggestion that more security
aware organizations are more skeptical of cloud security and that it is the
less security aware organizations that are willing to overlook a perceived lack of
security. Here, we use the Security Effectiveness Score (SES) as an objective
measure of each organization’s security posture.