On 04/05/14 17:19, Caspar Bowden (lists) wrote:
I downloaded Ponemon/Thales new survey of n=4275 IT managers (United
States, the United Kingdom, Germany, France, Australia, Japan, Brazil,
and Russia) a couple of days ago by registering here
<https://t.co/8rI2Z8vy1j>, but they appear to have now pulled the report.
It is remarkable that one third IT managers not only think that it is
possible to compute with encrypted data, but that they are doing so
already.
Here's the relevant text (red is my emphasis) and screenshot with graphs
[If they don't understand this, what else don't they understand about
their organization's security?]
CB
*Who controls the encryption keys*
Figure 24 examines the issue of control over encryption keys in
the cloud environment for both encryption of data
at rest and encryption of data at the application level.
Thirty-four percent of respondents believe their organization
is in control of encryption keys for *both* data encrypted at the
*application level* and at rest in the cloud
environment. Another 28 percent and 29 percent believe control of
encryption keys is a *shared activity between**
**the organization and the cloud provider*. Only 19 percent and 17
percent of respondents, respectively, view the
cloud provider as having control over encryption keys for either
encryption at the application level or for data at
rest
[Figure 24]
Figure 25 shows German organizations are the most likely to say
their organizations have control of encryption
keys *at the application level *and for data at rest in the cloud.
Brazilian respondents are the least likely to say their
organizations have control over encryption keys at the application
level and for data at rest in the cloud.
*Figure 25. Percentage of respondents who say their organization
is in control of encryption keys*
Consolidated analysis for encryption at *both the application
level* and for data at rest in the cloud by country
sample
[Figure 25]
Hmm, that didn't work embedded - trying as attachment
CB
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
compa...@stanford.edu.