[liberationtech] One third IT managers think can Cloud compute with encrypted data

Caspar Bowden (lists) lists at casparbowden.net
Sun May 4 08:19:05 PDT 2014 

I downloaded Ponemon/Thales new survey of n=4275 IT managers (United 
States, the United Kingdom, Germany, France, Australia, Japan, Brazil, 
and Russia)  a couple of days ago by registering here 
<https://t.co/8rI2Z8vy1j>, but they appear to have now pulled the report.

It is remarkable that one third IT managers not only think that it is 
possible to compute with encrypted data, but that they are doing so already.

Here's the relevant text (red is my emphasis) and screenshot with graphs

[If they don't understand this, what else don't they understand about 
their organization's security?]

CB

    *Who controls the encryption keys*

    Figure 24 examines the issue of control over encryption keys in the
    cloud environment for both encryption of data
    at rest and encryption of data at the application level. Thirty-four
    percent of respondents believe their organization
    is in control of encryption keys for *both* data encrypted at the
    *application level* and at rest in the cloud
    environment. Another 28 percent and 29 percent believe control of
    encryption keys is a *shared activity between**
    **the organization and the cloud provider*. Only 19 percent and 17
    percent of respondents, respectively, view the
    cloud provider as having control over encryption keys for either
    encryption at the application level or for data at
    rest

    [Figure 24]

    Figure 25 shows German organizations are the most likely to say
    their organizations have control of encryption
    keys *at the application level *and for data at rest in the cloud.
    Brazilian respondents are the least likely to say their
    organizations have control over encryption keys at the application
    level and for data at rest in the cloud.

    *Figure 25. Percentage of respondents who say their organization is
    in control of encryption keys*
    Consolidated analysis for encryption at *both the application level*
    and for data at rest in the cloud by country
    sample

    [Figure 25]
    screenshot of Fig.24/25 of pdf




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140504/7c070093/attachment.html>

More information about the liberationtech mailing list