On 04/05/14 17:19, Caspar Bowden (lists) wrote:
I downloaded Ponemon/Thales new survey of n=4275 IT managers (United States, the United Kingdom, Germany, France, Australia, Japan, Brazil, and Russia) a couple of days ago by registering here <https://t.co/8rI2Z8vy1j>, but they appear to have now pulled the report.

It is remarkable that one third IT managers not only think that it is possible to compute with encrypted data, but that they are doing so already.

Here's the relevant text (red is my emphasis) and screenshot with graphs

[If they don't understand this, what else don't they understand about their organization's security?]

CB

    *Who controls the encryption keys*

    Figure 24 examines the issue of control over encryption keys in
    the cloud environment for both encryption of data
    at rest and encryption of data at the application level.
    Thirty-four percent of respondents believe their organization
    is in control of encryption keys for *both* data encrypted at the
    *application level* and at rest in the cloud
    environment. Another 28 percent and 29 percent believe control of
    encryption keys is a *shared activity between**
    **the organization and the cloud provider*. Only 19 percent and 17
    percent of respondents, respectively, view the
    cloud provider as having control over encryption keys for either
    encryption at the application level or for data at
    rest

    [Figure 24]

    Figure 25 shows German organizations are the most likely to say
    their organizations have control of encryption
    keys *at the application level *and for data at rest in the cloud.
    Brazilian respondents are the least likely to say their
    organizations have control over encryption keys at the application
    level and for data at rest in the cloud.

    *Figure 25. Percentage of respondents who say their organization
    is in control of encryption keys*
    Consolidated analysis for encryption at *both the application
    level* and for data at rest in the cloud by country
    sample

    [Figure 25]


Hmm, that didn't work embedded - trying as attachment

CB
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Reply via email to