Security is NOT a priority – especially in Japan
PR gimmicks and posturing are irritatingly common in the telco and fintech space, most notably when it comes to security. But new research from Gemalto indicates many of the promises are empty, reports Telecoms.com (FinTech Futures’ sister publication).
With data protection and privacy proving to be a bit of a hot topic for consumers nowadays, especially with almost weekly reports of calamitous breaches, security is a good plug for CEOs and CTOs to earn some brand credibility. Should Gemalto’s research prove to be accurate, these statements are nothing more than empty promises from shallow executives who fail to back-up ambitions with any fundamental changes or investment.
While we have taken a relatively negative view here, it should be worth noting security is becoming a bit more of a concern. According to the data, cost and deployment time of new services are the two main drivers for cloud adoption, but security is at least part of the conversation. 26% of the respondents to the survey highlight security credentials are part of the selection process, up from 12% in 2015, but this is still an incredibly small number.
That said, such a dismissive view on security could be dependent on where in the world you are, as you can see from the map below, with Germany hitting the top of the list, and Japan at the bottom:
Gemalto asked the respondents whether their organisation is careful about sharing sensitive and confidential information with third parties. The fact that Germany is top of the list should surprise very few. Data protection, privacy and residency regulations in the country are some of the most stringent worldwide, though it should be noted that Europe on the whole is quite stern when it comes to data.
What should be concerning is the UK’s statistics; only 35% of the respondents, who are employees of UK firms, believe their organisation is serious about how they share information. Only 43% believe their organisation proactive in managing compliance with privacy and data protection regulations in the cloud environment, while only 50% of UK businesses have a policy that requires the use of security safeguards as a condition to using certain cloud computing applications.
The UK is not the worst country which was assessed as part of the research, but it certainly wasn’t the best. Considering it is trying to keep in the good books of the European Union (EU) with Brexit on the horizon, you would think a more stringent approach to data protection and privacy would be a good place to start. Whether these numbers are high enough to meet to firm standards of the EU remains to be seen.
Perhaps the most worrying statistic to be drawn out of this research surrounds data encryption. 77% of the respondents believe securing sensitive and confidential information in the cloud with encryption is important today, though only 40% are currently doing it.
Of those who are using encryption tools, 43% believe the information is made unreadable before it is sent to the cloud, 28% say information at rest is made unreadable in the cloud using the vendors tools, while 27% say this information secured in the cloud with the organisations own tools. 52% believe the encryption keys are then controlled in-house, 21% believe it is done by the cloud provider, while 16% hand them over to a third-party.
There are certainly year-on-year improvements on attitudes towards security and also the implementation of new technologies, but this is sluggish progress. A lack of encryption is worrying, especially when you consider the number of breaches which are being reported. Cloud may be normalised, and arguably more secure than on premise, but hackers are getting brighter; every precaution should be made for sensitive and confidential information.
Unfortunately, it does appear that security will continue to be a PR tool for grinning CEOs to feed to the masses for at least the near future.