IT professionals have mixed feelings about cloud vendors handing over encrypted data at the government’s request, according to a new survey released Thursday.
About 55 percent of respondents believe cloud providers should not turn over their info, while 10 percent didn’t care either way, according to the study conducted by the Cloud Security Alliance and the security startup Bitglass, who surveyed 176 “IT security leaders” on their concerns for the future of cloud security.
“The decision as to whether or not an organization wants their cloud provider to turn over encrypted data to government when asked is one that all organizations should ask themselves as they make the move to the cloud,” said John Yeoh, a senior analyst for CSA. “It is also a critical question organizations should be asking of their cloud providers, as part of a comprehensive assessment of a cloud providers’ security controls.”
Overall, 43 percent of participants who were “pro-cooperation” thought their firm should provide only readily available data. Also, 12 percent of participants thought vendors should have to use “government-mandated encryption algorithms,” while 32 percent thought they should be forced to build decryption methods specifically for the law.
Moreover, a little less than half of the experts said they have adequate visibility on where and when sensitive data is being downloaded from the cloud, the report says. Another problem is shadow IT, an increasing concern where officials use unapproved fixes and systems.
“While hotly contested issues like government intervention remain open, several years of experience with major public cloud apps has demonstrated that the cloud can be more secure than on-premises applications,” Bitglass CEO Nat Kausik said in a statement. “The primary open concern is whether enterprises can put policies and controls in place to use the cloud securely.”
The mixed results of the survey highlight the uncertainty in the field, especially as respondents reported more issues of breaking security protocols, such as sharing externally or unapproved access.
Contact the reporter on this story via email: Jeremy.Snow@FedScoop.com. Follow him on Twitter @JeremyM_Snow. Sign up for the Daily Scoop — all the federal IT news you need in your inbox every morning — here: fdscp.com/sign-me-on