Recent research has revealed that fewer than half of CIOs test cloud security systems and procedures. At the same time, the survey, conducted by risk consulting firm Protiviti, reported that 84 per cent of respondents were concerned about cyber security.
This reveals a contradiction: why do CIOs care about cyber security, and yet not exercise measures to ensure data safety within the cloud?
A report from the Office of Inspector General confirmed that the Veterans Affairs (VA) Department failed to make good on its hard drive encryption policy, installing and activating only 65,000 of the encryption licenses it bought since its widely publicized data breach in 2006. The breach involved records of 26.5 million active duty troops, veterans and their family members.
The 2006 incident made the VA the poster child for data breach and became the catalyst for new measures to protect Personally Identifiable Information (PII), as well as prompting a slew of laws and regulations in the US and Europe –and now expanding across the globe.
Enterprises are incorporating—and even promoting—the use of social networking applications such as Facebook, Twitter and LinkedIn as a key, if not primary, method for communicating and disseminating information. Indeed, social networking could one day supplant traditional email messaging—in large part owing to its instantaneous one-to-many dissemination feature.
Simultaneously, there’s been a trend to move information to the Cloud. It’s more cost-effective and accessible—but introduces the potential for data exposure, leakage and breach, due to the nascent state of cloud “security.”
It begs the question: What assurances does the enterprise have that documents containing intellectual property or personally identifiable data are actually safe in the Cloud?
Despite the emergence of Advanced Persistent Threats (APTs) software security has consistently failed to detect threats that target the pre-boot stage of the device. However, all is not lost as enterprises have in-built security in their employees’ devices already – it just needs to be activated and managed. Hardware-based security is the most effective way to secure data and is increasingly moving into the mainstream via Windows 8.
For some time, layering security software on top of a device has been the approach that thousands of enterprises (and software security providers) have relied on in their quest to protect information and evade network threats. It’s easy to see why – it’s the approach that’s been sold to them.
Windows 8 is nothing short of the most dramatic overhaul of the world’s most dominant operating system in 17 years. Much of the most talked-about features include a dual user interface (UI) consisting of a “Metro” side designed for use on slates and tables and the more classic “desktop” Windows 7-like UI.
But we’ll leave the discussions of the glossier aspects of Win 8 to the pundits.
No, for us Win 8 is the catalyst we’ve been waiting for – when the industry finally woke up to the promise of better security. It’s what Wave, and our colleagues in the Trusted Computing Group, have espoused and championed for nearly a decade: embedded hardware security built on industry standards.