Netwrix has released the results of its global 2015 Cloud Security Survey showing that, when it comes to migrating to the cloud, 65% of companies are concerned with security and 40% worry about their loss of physical control over data in the cloud. In particular, 69% of companies surveyed are afraid that migration to the cloud will increase the risks of unauthorised access, while 43% have concerns about potential account hijacking.
Security is gaining increasing attention from cloud technology and service providers, but the lack of visibility when it comes to sensitive data stored externally raises fears that are still holding back wider cloud adoption.
Netwrix surveyed more than 600 IT professionals worldwide, representing technology, manufacturing, Government, healthcare, finance, education and other industry sectors and requested them to answer questions about cloud security, expectations from cloud providers and measures being taken to ensure data security.
Key findings outlined by the Netwrix study show that:
*a hybrid cloud deployment model is preferred by 44% of respondents as they transition from an on-premise infrastructure towards a cloud-based model
*private clouds attract 37% of organisations prepared to invest in additional security
*companies migrating to the cloud plan to enforce internal security policies: 56% are intent on improving identity and authentication management, 51% will use encryption and around 45% of medium and large-scale enterprises plan to establish the auditing of changes and user activity
*overall, 13% of organisations reject the idea of adopting cloud technology in the near future, although 30% of them are ready to reconsider their decision as soon as cloud security mechanisms are improved
*some 30% of organisations already take advantage of improved cloud security, while more than 40% of businesses are ready to invest in additional security guarantees if offered
*overall, 71% of enterprises questioned perceive continuous auditing of cloud infrastructure as a very important part of security guarantees to ensure data integrity in the cloud
“We wanted to find out the exact reasons preventing companies from cloud adoption and taking advantage of all the benefits it offers,” said Alex Vovk, CEO and co-founder of Netwrix.
“The survey reveals that, even though cloud isn’t a new technology, the market has good potential for further growth. Advanced security solutions and true visibility into what’s going on across the cloud infrastructure will help companies minimise security risks, take back control over business-critical assets and accelerate cloud adoption.”
*Download the 2015 Cloud Security Survey by accessing this link: http://www.netwrix.com/go/cloudsurvey2015
Rise and fall of global telecom fraud
In parallel, the Communications Fraud Control Association (CFCA) has announced the results of its Global Telecom Fraud Survey, duly reporting an 18% decrease in communications fraud since 2013.
The CFCA attributes this decline to an increase in collaboration and co-ordination among carriers in identifying and stopping fraudulent activity following the 2013 report, but Angela German (director of marketing at VoipSec) has nevertheless called upon the CFCA to substantiate this statement and questions the conclusions of its report.
Comparing the 2013 and 2015 documents isn’t the easiest of tasks because of variations in the questions and styles of reporting. The 2015 report shows IP PBX hacking (described as VoIP hacking in the 2013 report) moving to be the second most costly fraud method behind PBX hacking, which has in turn hit the top spot.
However, this year’s report has split Subscription Fraud into two different forms (namely application and identity) which, when combined, add up to $6.08 billion. Therefore, when accurately compared, the report in fact reveals an increase from the $5.22 billion total unearthed back in 2013.
Rather than painting a rosy picture, therefore, the trend actually indicates that the need for companies to take action and secure their telecom systems is now arguably greater than ever.
The report also asks participants: ‘What percentage of your company’s revenue base do you think is fraud?’ The use of ‘think’ when it comes to fraud is concerning, suggests German, because any company in the current security climate ought to have taken considerable steps towards identifying any breaches, and should therefore also have a clear picture of the associated financials. This highlights the fact that the report assumes companies don’t know how and when hacking episodes are occurring.
In the case of many IP PBX (VoIP) hacks in big companies, the fraud is taking place on a small enough, but consistent scale meaning that it’s likely to fall under the radar. VoIP remains a compelling technology with benefits of reduced costs and business efficiency, but the report highlights that both companies and the CFCA are failing to properly consider the risks associated with not deploying any associated security.
As far as German is concerned, what the CFCA report actually reveals is that far too many companies are either not fully aware of the financial risks or assume that the security available is either too complex or too costly.
In fact, cloud-based technology can provide companies with an essential first tier of voice security through the simple download and install of virtual SBC. Ensuring this action is taken will enable end user organisations to genuinely identify and stop fraudulent activity that the CFCA has proven is still prevalent.