“Security concerns and lack of visibility hinder cloud adoption” state 65% of IT professionals

Netwrix has released the results of its global 2015 Cloud Security Survey showing that, when it comes to migrating to the cloud, 65% of companies are concerned with security and 40% worry about their loss of physical control over data in the cloud. In particular, 69% of companies surveyed are afraid that migration to the cloud will increase the risks of unauthorised access, while 43% have concerns about potential account hijacking.

Security is gaining increasing attention from cloud technology and service providers, but the lack of visibility when it comes to sensitive data stored externally raises fears that are still holding back wider cloud adoption.

Netwrix surveyed more than 600 IT professionals worldwide, representing technology, manufacturing, Government, healthcare, finance, education and other industry sectors and requested them to answer questions about cloud security, expectations from cloud providers and measures being taken to ensure data security.

Key findings outlined by the Netwrix study show that:

*a hybrid cloud deployment model is preferred by 44% of respondents as they transition from an on-premise infrastructure towards a cloud-based model

*private clouds attract 37% of organisations prepared to invest in additional security

*companies migrating to the cloud plan to enforce internal security policies: 56% are intent on improving identity and authentication management, 51% will use encryption and around 45% of medium and large-scale enterprises plan to establish the auditing of changes and user activity

Alex Vovk of Netwrix

Alex Vovk of Netwrix

*overall, 13% of organisations reject the idea of adopting cloud technology in the near future, although 30% of them are ready to reconsider their decision as soon as cloud security mechanisms are improved

*some 30% of organisations already take advantage of improved cloud security, while more than 40% of businesses are ready to invest in additional security guarantees if offered

*overall, 71% of enterprises questioned perceive continuous auditing of cloud infrastructure as a very important part of security guarantees to ensure data integrity in the cloud

“We wanted to find out the exact reasons preventing companies from cloud adoption and taking advantage of all the benefits it offers,” said Alex Vovk, CEO and co-founder of Netwrix.

“The survey reveals that, even though cloud isn’t a new technology, the market has good potential for further growth. Advanced security solutions and true visibility into what’s going on across the cloud infrastructure will help companies minimise security risks, take back control over business-critical assets and accelerate cloud adoption.”

*Download the 2015 Cloud Security Survey by accessing this link: http://www.netwrix.com/go/cloudsurvey2015

Rise and fall of global telecom fraud

In parallel, the Communications Fraud Control Association (CFCA) has announced the results of its Global Telecom Fraud Survey, duly reporting an 18% decrease in communications fraud since 2013.

The CFCA attributes this decline to an increase in collaboration and co-ordination among carriers in identifying and stopping fraudulent activity following the 2013 report, but Angela German (director of marketing at VoipSec) has nevertheless called upon the CFCA to substantiate this statement and questions the conclusions of its report.

Comparing the 2013 and 2015 documents isn’t the easiest of tasks because of variations in the questions and styles of reporting. The 2015 report shows IP PBX hacking (described as VoIP hacking in the 2013 report) moving to be the second most costly fraud method behind PBX hacking, which has in turn hit the top spot.

However, this year’s report has split Subscription Fraud into two different forms (namely application and identity) which, when combined, add up to $6.08 billion. Therefore, when accurately compared, the report in fact reveals an increase from the $5.22 billion total unearthed back in 2013.

Rather than painting a rosy picture, therefore, the trend actually indicates that the need for companies to take action and secure their telecom systems is now arguably greater than ever.

The report also asks participants: ‘What percentage of your company’s revenue base do you think is fraud?’ The use of ‘think’ when it comes to fraud is concerning, suggests German, because any company in the current security climate ought to have taken considerable steps towards identifying any breaches, and should therefore also have a clear picture of the associated financials. This highlights the fact that the report assumes companies don’t know how and when hacking episodes are occurring.

In the case of many IP PBX (VoIP) hacks in big companies, the fraud is taking place on a small enough, but consistent scale meaning that it’s likely to fall under the radar. VoIP remains a compelling technology with benefits of reduced costs and business efficiency, but the report highlights that both companies and the CFCA are failing to properly consider the risks associated with not deploying any associated security.

As far as German is concerned, what the CFCA report actually reveals is that far too many companies are either not fully aware of the financial risks or assume that the security available is either too complex or too costly.

In fact, cloud-based technology can provide companies with an essential first tier of voice security through the simple download and install of virtual SBC. Ensuring this action is taken will enable end user organisations to genuinely identify and stop fraudulent activity that the CFCA has proven is still prevalent.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts