ENISA report- Cipher Cloud Comments
Today, CipherCloud, the leader in cloud information protection, announced its response to the newly released report on Cloud Computing in Critical Information Infrastructure Protection by ENISA. The report identifies that Cloud computing is critical given the concentration of users and data and its growing use in critical sectors, such as finance, health and insurance.
Pravin Kothari, CEO of CipherCloud, said, “Cloud services are becoming a critical information infrastructure. According to research company Gartner, the worldwide market for cloud computing will total $207 billion by 2016. In 2012 alone, it said that the market grew 20% to become a $109 billion industry. As we move closer to a cloud-enabled future, cyber criminality and state sponsored attacks are increasingly targeting the cloud in ever more sophisticated ways, while leaving organisations unable to maintain the same obligations to security, compliance and regulation. Companies and government agencies cannot rely on cloud application providers alone for data security and confidentiality of information stored in the cloud.
In the case of CIA Director, David Petraeus, whose emails became the subject of an FBI investigation, we saw how easy it is for law enforcement agencies to legally require cloud application providers to give them access to email and other sensitive data needed for criminal investigations, all without notifying the data’s owner. The Petraeus case serves as a wake-up call for executives at companies and senior officials at government agencies to take control of the data. There is no confidentiality of sensitive information in the cloud.
With the UK’s Information Commissioner’s Office (ICO) also publishing its own guidelines on cloud computing last October, clearly stating that responsibility for security now resides with the company that owns the data, not the third party cloud provider, this is becoming an even more serious challenge. It has been recognised by leading security analysts, and also by the ICO that storing information unencrypted in the cloud leaves personal and business data at risk from cyber criminals, accidental leakage, and other threats. It is essential that organizations encrypt their data before it’s sent to the cloud. That is the only way to ensure that information is not vulnerable to cloud threats, hackers and accidental leakage.”