The new frontier: protect data wherever it resides
New working methods, reorganization of the enterprises: as many unpublished realities that transform and stretch the traditional boundaries of the corporate world. In order to face the growing threats of cyber crime and fraud, computer cloud security must be both flexible and scalable.
The Data Cloud security Confidence Index (DSCI) published by Gemalto in 2015 lists the many challenges posed by the changes in computer systems and technology infrastructure. At present, 30% of IT managers admit that their companies have experienced a cloud security breach. 33% of them consider that unauthorized users are still able to access their network. Finally, 34% of them do not believe that their company data are safe in case of attack or breach.
According to a 2014 report by the Center for Strategic and International Studies, the has Cybercrime represents a total annual cost of over $ 445 billion.
Similarly, the Breach Level Index (BLI) Gemalto, said that over 1,500 cloud security breaches have compromised the cloud security of over a billion data in 2014. These figures show an increase 49% of the number of cloud security vulnerabilities, as well as a 78% increase in the number of stolen or lost data compared to 2013.
Monitor beyond our walls
Mutations of IT services rendered obsolete the traditional protections that are anti-virus and firewalls. In fact, the sector seems to be towards preventing threats and development of next-generation cloud security solutions.
Protect data proves to be a challenge even greater as the Cyber Cloud security Intelligence IBM Index shows that in 2014, 95% of cloud security incidents involved human error.
Yet if one believes Daniel Ives, consultant for FBR Capital Markets, only 10% of companies and government agencies have migrated to next-generation solutions: firewalls can detect and block threats at the application level or serving the analysis of big data to improve system cloud security. According to Ives, “the market for these softwares a potential of 15 to 20 billion for the next three years. ”
The new generation of companies is particularly weak against threats it puts on cloud security solutions from another age. The issue of passwords is particularly evocative. A recent survey indicates that 70% of the 2,000 respondents in the UK and the United States did not trust their passwords. At the same time, specialists phishing have become increasingly adept at pushing the less attentive users to share.
In this perspective, it becomes relevant to deploy multiple successive layers of cloud security around each asset of the company. The multi-factor authentication and Identity Federation are the two ramparts essential to castle that must be FutureSec.
(Identity Federation is a kind of Facebook for connecting corporate users. Authentication is shared between multiple domains, which allows various users from various companies to have access to information they need.
The multi-factor authentication could take the form of the combined use of a strong password and a biometric identification (like the Apple Pay system) or a geofencing or audit by IP address. Such complexity may seem cons-intuitive, but since many people use the same password for all their access, provide an iron protection via a single, impenetrable front door is quite relevant.
In April, many experts stressed, however, that “passwords or tokens are easily changed once their safety is compromised, while biometric traits are inherent and unchangeable, meaning that biometric data are final. ” So they challenge the need to establish alternative mechanisms in case of biometric data piracy.
The road ahead still looks long. “Companies still attach too much importance to the concept of cloud security perimeter, then it is today inadequate , says Tsion Gonen, vice president – Identity and Strategy . data protection for Gemalto officials should give more importance to consumer data and an approach based on the concept of “cloud security flaw”: it would seek to protect data after an intrusion was detected. Officials must therefore secure the data itself, using multi-factor encryption and data authentication, in particular securing encryption keys. In this way, the data remain unusable even if they were to be stolen. ”
Although aware of these threats, many companies are under-equipped to cope. According Peninsula Press, a project of the Department of Journalism Studies at Stanford University, more than 209 000 jobs remain unfilled in the cybercloud security industry in the United States. And the worst is yet to come: the demand for professionals specializing in information cloud security will grow by 53% by 2018.
By 2018, Gartner expects that many companies will outsource at least part of their cloud security policy through the expertise of companies specializing in data protection, risk management and infrastructure management.
In order to offer a new solution, Gemalto and Orange Business Services have recently joined forces and integrated supply Gemalto, SafeNet Authentication Service, the cloud secure Orange Business Services, Business Virtual Private Network (VPN) Gallery. This unique solution will enable companies to benefit from multi-factor authentication for all of their applications, infrastructure and services cloud .