Category Archives: Vormetric

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Ovum: Cloud service providers need to double down on security

Enterprises would be more willing to use cloud if providers focused more on security, compliance

Enterprises would be more willing to use cloud if providers focused more on security, compliance

A recently published Vormetric survey suggests over half of enterprises globally are using cloud-based services to store sensitive data, and many of the IT decision makers polled by the firm said they felt pressured into using cloud services over legacy alternatives. But respondents also showed an overwhelming willingness to use cloud services to store or analyse sensitive data if service providers could guarantee some essential security and information governance capabilities and measures.

Vormetric, which worked with Ovum to petition 818 ITDMs globally on their use of cloud and big data platforms, said about 54 per cent of respondents globally were keeping sensitive information in the cloud. Interestingly, 46 per cent of all respondents expressed concerns that market pressures are forcing them to use cloud services.

And though databases and file servers were typically rated by respondents as top risks for storage of sensitive information, they are now also joined by big data environments – with big data (31 per cent) seen by ITDMs as slightly more at risk than file servers (29 per cent).

In the US specifically, respondents seemed most concerned about lack of control over the location of data (82 per cent), increased vulnerability of shared infrastructure (79 per cent), and “privileged user” abuse of the cloud service provider (78 per cent).

“The data shows that US IT decision makers are conflicted about their cloud deployments,” said Alan Kessler, chief executive officer of Vormetric. “Market pressures and the benefits of cloud service use are strong, but enterprises have serious security concerns around these environments. There is enormous anxiety over how sensitive data and systems can best be protected, with lack of control listed as the number one worry among US respondents.”

“For cloud service providers to increase their footprint in the enterprise, they must address enterprise requirements around security, data protection and data management. More specifically, cloud service providers need to provide better protection and visibility to their customers,” Kessler said.

Andrew Kellett, lead analyst for Ovum and author of the 2015 Vormetric Insider Threat Report said the results demonstrate “both hope and fear” when it comes to cloud and big data technologies, which could slow the pace at which enterprises refresh their technology platforms.

“But, there are steps enterprises can take and changes providers can make that will increase adoption. For example, more than half of global respondents would be more willing to use cloud services if the provider offers data encryption with key access control,” he said.

About 52 per cent also said they would be more likely to use cloud services if service level commitments and liability terms for a data breach were established, 48 per cent said the same if explicit security descriptions and compliance commitment were established.

Virtustream Adds Cloud Database Encryption, Key Management

Virtustream today added software-based “data at rest” encryption to its cloud services portfolio through a partnership with Vormetric, a leader in enterprise encryption and key management. With this extra protection, Virtustream’s xStream cloud management software and Virtustream cloud IaaS services provide highly secure and compliant solutions that enable enterprises, governments and service providers to safely run mission-critical applications in private, public and hybrid clouds.

The company will now offer Vormetric’s database and file encryption solution to customers needing an additional layer of security to satisfy internal sensitive data policies and compliance mandates regarding business data. For enterprises required to comply with regulatory guidelines and compliance frameworks such as NIST 800-53, DIACAP, FedRAMP, FISMA, ICD503, G-Cloud, CSA Recommendations, ISO27001, HIPAA/HITECH, PCI, SSAE16/SAS70 and other industry standards, this new service provides a sophisticated approach to protecting highly sensitive data in the cloud. Virtustream’s new data encryption offering allows enterprises mandating full data life cycle encryption to take advantage of the cloud.

The addition of Vormetric Data Security adds to the enhanced security measures in Virtustream clouds which include layered physical/virtual security, cloud-to-cloud encryption, core servers equipped with new Intel CPUs that support Advanced Encryption Standard New Instruction Set (AES-NI) for optimal encryption efficiency, hardware-level authentication (Intel TXT), encrypted VPN (IPSEC and SSL), Key Escrow using Data Security Modules (DSMs), encryption in archive, GRC tools, two-factor authentication, and various additional security and compliance measures and reporting.

“File-level encryption is the most effective and flexible approach to cloud data security for enterprises concerned with regulatory compliance, protecting their IP and meeting contractual obligations around customer data,” said Bruce Johnson, vice president for worldwide sales and service operations at Vormetric. “By offering Vormetric Encryption through a pay-as-you-go model, Virtustream is providing comprehensive, built-in and transparent security for any database, that can follow customer data—whether it is in the cloud or a datacenter.”

As the Virtustream team evaluated security and encryption software to pair with its cloud solution, it found that many of the larger vendors focus primarily on end-user computing and encrypting whole drives, which only protects against specific threats and could not support a variety of deployment modes. Vormetric’s solution quickly emerged as the leader in enterprise class security, as it emphasized encryption at the file/folder level, transparently across all major database platforms. It also enables very granular separation of duties to allow for a variety of support models from zero client touch, to co-managed operations, to full key management by clients. Vormetric encryption ensures that there is no unauthorized data access from inside or outside an organization. In stress testing, Vormetric exceeded Virtustream’s performance expectations with a virtually indiscernible impact on application response time, excellent manageability and detailed logging of file access for Database Access Monitoring requirements (DAM) and Data Leakage Prevention (DLP) reporting.

Virtustream now stands as the first cloud provider to offer the Vormetric solution in a SaaS model with elastic, consumption-based pricing—services are priced per virtual CPU of each database server, as opposed to traditional perpetual licensing models.

“It can be challenging to get large enterprises to trust the cloud, so this partnership with Vormetric provides a significant security measure required to overcome that concern,” said Pete Nicoletti, director of security and compliance at Virtustream. “With Vormetric’s solution, we now have a database encryption security option suitable for customers who are required to comply with executive mandates or compliance frameworks but have not yet deployed encryption at their database or application layer. Adding this capability will make moving mission-critical data to the cloud a more feasible option for any enterprise looking for immediate risk reduction and cost savings.”

With this encryption service, Virtustream also offers and manages encryption of client databases at their location in the client’s datacenter before they even move the workload to the Virtustream cloud. This is a unique capability and allows customers that are concerned with protecting personally identifiable information (PII) and other sensitive information to achieve regulatory compliance and avoid potential data breach costs.

“By partnering with Vormetric, we are able to combine its nimble and powerful security solution with our cloud solution for increased data protection with high performance and low overhead,” said Mike Olson, vice president of operations and service delivery for Virtustream. “Together we offer customers a more secure, compliant cloud environment with reduced infrastructure costs, and increased performance and uptime.”