[vc_row][vc_column][vc_column_text]

Trust Us: Your Auto-Reply Message Can Get You Into Trouble

By Andy O'Donnell as written on netsecurity.about.com

So, you're headed off on a business trip. You've got your plane tickets, hotel reservations, and everything is good to go. Only one thing left to do, it's time to set your Outlook Out-of-Office Auto-Reply message so that clients or coworkers e-mailing you will know how to contact you while you're away, or will know who they can contact during your absence.

Seems like the responsible thing to do, right? Wrong! Out-of-Office Auto-replies can be a huge security risk.

Out-of-Office replies can potentially reveal a huge amount of sensitive data about you to anyone who happens to e-mail you while you're away.

Here's an Example of a Common Out-of-office Reply:

"I will be out of the office at the XYZ conference in Burlington Vermont during the week of June 1-7. If you need any help with invoice-related issues during this time, please contact my supervisor, Joe Somebody at 555-1212. If you need to reach me during my absence you can reach me on my cell at 555-1011.
While the message above is helpful, it may also be harmful because, in a couple of short sentences, the person in the e-mail above revealed some incredibly useful information about himself. This information could be used by criminals for social engineering attacks.

The example out-of-office reply above provides an attacker with:

Current Location Information

Revealing your location aids attackers in knowing where you are and where you aren't. If you say you're in Vermont, then they know that you aren't at your home in Virginia. This would be a great time to rob you. If you said you were at the XYZ conference (as Bill did), then they know where to look for you. They also know that you're not in your office and that they might be able to talk their way into your office saying something like:

"Bill told me to pick up the XYZ report. He said it was on his desk. Do you mind if I pop in his office and grab it." A busy secretary might just let a stranger into Bill's office if the story seems plausible.

Contact information

The contact information that Bill revealed in his out-of-office reply may help scammers piece together elements needed for identity theft. They now have his e-mail address, his work and cell numbers, and his supervisor's contact info as well.

When someone sends Bill a message while his auto-reply is turned on, his e-mail server will send the auto-reply back to them, which in-effect confirms Bill's e-mail address as a valid working address. E-mail Spammers love getting confirmation that their spam reached a real live target. Bill's address will likely now be added to other spam lists as a confirmed hit.

Place of employment, job title, line of work, and chain of command

Your signature block often provides your job title, the name of the company you work for (which also reveals what type of work you do), your e-mail, and your phone and fax numbers. If you added "while I'm out please contact my supervisor, Joe Somebody" then you just revealed your reporting structure and your chain of command as well.

Social engineers could use this information for impersonation attack scenarios. For instance, they could call your company's HR department pretending to be your boss and say "This is Joe Somebody. Bill Smith is off on a trip and I need his Employee ID and Social Security Number so I can correct his company tax forms."

Some Out-of-Office message setups allow you to restrict the reply so that it only goes to members of your host e-mail domain, but most people have clients and customers outside of the hosting domain so this feature won't help them.

How can you create a safer out-of-office auto-reply message?

1. Be intentionally vague

Instead of saying that you will be somewhere else, say that you will be "unavailable". Unavailable could mean you are still in town or in the office taking a training class. It helps keep the bad guys from knowing where you really are.

2. Don't provide contact info

Don't give out phone numbers or e-mails. Tell them that you will be monitoring your e-mail account should they need to contact you.

3. Leave out all personal information and remove your signature block

Remember that complete strangers and possibly scammers and spammers may see your auto-reply. If you wouldn't normally give this info to strangers, don't put it in your auto-reply.

Just a note to my readers, I will be in Disney World all next week, but you can reach me by carrier pigeon (just kidding about the Disney World part).

[/vc_column_text][/vc_column][/vc_row]

[vc_row gmbt_prlx_parallax="up" font_color="#ffffff" css=".vc_custom_1467828447668{padding-top: 170px !important;padding-right: 0px !important;padding-bottom: 190px !important;padding-left: 0px !important;background: rgba(55,82,161,0.66) url(https://managedsolut.wpengine.com/wp-content/uploads/2016/07/healthcare-security-and-compliance-managed-solution.jpg?id=9945) !important;background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;*background-color: rgb(55,82,161) !important;}"][vc_column][vc_column_text]

Healthcare compliance, security, and trusted health technology

[/vc_column_text][/vc_column][/vc_row][vc_row parallax="content-moving" css=".vc_custom_1465945819577{background-color: #e98922 !important;}"][vc_column width="1/2"][vc_column_text]
[/vc_column_text][/vc_column][vc_column width="1/2"][vc_column_text css_animation="appear"]

Integrate and simplify your healthcare compliance

Security and healthcare compliance offerings from Microsoft help protect your ICT infrastructure. Protection, access , and management features help you manage risk and achieve your strategic goals. The cloud is a far more powerful, far less expensive way to innovate than health solutions built the traditional way. But health organizations need to trust that sensitive information will stay secure and comply with regulations when they adopt cloud platforms. We are committed to ensuring that your data stays secure, private, and under your control, and that with the Microsoft Cloud, you will stay compliant, even as regulations and standards evolve.

Deliver security-enhanced access from virtually anywhere

For more information call 858-429-3000

[/vc_column_text][/vc_column][/vc_row][vc_column][/vc_column][vc_column_text]

Healthcare Mobility Solutions from Managed Solution

The Microsoft family of devices, services, and solutions can help transform the way care teams communicate and access and use information throughout the course of their day. Windows-based, clinical-grade devices help to enable virtually anywhere access to actionable intelligence, resources, and personalized experiences that improve user productivity. With these enterprise-grade solutions that help keep patient information secure and compliant, users can leverage any single clinical-grade device to tap into comprehensive information systems while enjoying the ease of use associated with advanced technology. By providing efficient access to patient health information to both care teams and patients, all involved parties have the information they need to make informed decisions and to follow through on the prescribed care regimen.

• Integrate and extend security features across your organization

• Built-in security features work across multiple platforms and environments, and integration across the layers helps you get more value from your existing investments

• Manage healthcare compliance, simplify the security experience

• Help simplify the deployment and delivery of security features aligned to the needs of health professionals and patients so health professionals and patients can quickly and easily access security-enhanced applications and information

• Accelerate the planning and delivery of health solutions

The Microsoft Connected Health Platform (CHP) provides a collection of best practices and guidelines to help build e-health solutions that are efficient, security-enhanced, flexible, and scalable. All of these features build a platform that helps improve patient engagement.

Based on the extensible and agile principles of the Connected Health Framework (CHF), Microsoft CHP provides offerings for optimizing health information and communication technology, including prescriptive architecture, design, and deployment guidance; tools; and solution accelerators. Microsoft CHP is built primarily on a foundation of application platform technologies and services, as well as generic Microsoft infrastructure optimization models and tools, tailored for the health environment, enabling the delivery and management of on-premises, cloud, or hybrid solutions.

[/vc_column_text]

[vc_row][vc_column][vc_column_text]

Office365's Government Community Cloud: Benefits, Features, and Capabilities

Microsoft created Office365 Government Community Cloud (GCC) to cater exclusively to your federal, state, and local government's specific needs.

Safe, Secure, Separate

Microsoft is using GCC to make sure your government data is safe, secure, and separate. First, Office365 has data separation at the application layer.  For advanced security, GCC uses a completely different infrastructure than the infrastructure used for commercial Office365 customers, creating a second layer of physical separation for customer content.

 

 Data Won't Need a Passport

All the data you store in GCC will be stored in the United States only. This means you won't have to worry about where your data is really going when you upload something to the cloud.  All GCC datacenters are physically located in the United States, along with the Office365 services that come along with them.

Restricted Access

Microsoft personnel who have access to Office 365 GCC must be U.S. citizens, as well as undergo strict background investigations to ensure they are providing you with the utmost security.  Consider them as well screened as any other protector of government data.

 

Certifications and Accreditations

Office 365 Government complies with certifications and accreditations that are required for U.S. Public Sector customers by supporting the Federal Risk and Authorization Management Program (at a Moderate Impact level).  Support for CJIS requirements for law enforcement agencies can be found on Exchange Online (and Exchange Online Archiving), SharePoint Online, and Office Online. 

Learn more about how the Office365 Government Community Cloud can support your local, state, or federal government by contacting us today!

 

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

4 Secrets Wireless Hackers Don't Want You to Know

By Andy O'Donnell; Security Expert as written on lifewire.com

You're using a wireless access point that has encryption so you're safe, right? Wrong! Hackers want you to believe that you are protected, so you will remain vulnerable to their attacks.

Here are 4 things that wireless hackers hope you won't find out, otherwise they might not be able to break into your wireless network and/or computer:

1. WEP encryption is useless for protecting your wireless network. WEP is easily cracked within minutes and only provides users with a false sense of security.

   Even a mediocre hacker can defeat Wired Equivalent Privacy (WEP)-based security in a matter of minutes, making it essentially useless as a protection mechanism. Many people set their wireless routers up years ago and have never bothered to change their wireless encryption from WEP to the newer and stronger WPA2 security.

   Updating your router to WPA2 is a fairly simple process. Visit your wireless router manufacturer's website for instructions.

2. Using your wireless router's MAC filter to prevent unauthorized devices from joining your network is ineffective and easily defeated.

   Every piece of IP-based hardware, whether it's a computer, game system, printer, etc, has a unique hard-coded MAC address in its network interface. Many routers will allow you to permit or deny network access based on a device's MAC address. The wireless router inspects the MAC address of the network device requesting access and compares it your list of permitted or denied MACs. This sounds like a great security mechanism but the problem is that hackers can "spoof" or forge a fake MAC address that matches an approved one.

   All they need to do is use a wireless packet capture program to sniff (eavesdrop) on the wireless traffic and see which MAC addresses are traversing the network. They can then set their MAC address to match one of that is allowed and join the network.

3. Disabling your wireless router's remote administration feature can be a very effective measure to prevent a hacker from taking over your wireless network.

   Many wireless routers have a setting that allows you to administer the router via a wireless connection. This means that you can access all of the routers security settings and other features without having to be on a computer that is plugged into the router using an Ethernet cable. While this is convenient for being able to administer the router remotely, it also provides another point of entry for the hacker to get to your security settings and change them to something a little more hacker friendly. Many people never change the factory default admin passwords to their wireless router which makes things even easier for the hacker. I recommend turning the "allow admin via wireless" feature off so only someone with a physical connection to the network can attempt to administer the wireless router settings.

4. If you use public hotspots you are an easy target for man-in-the-middle and session hijacking attacks.

   Hackers can use tools like Firesheep and AirJack to perform "man-in-the-middle" attacks where they insert themselves into the wireless conversation between sender and receiver. Once they have successfully inserted themselves into the line of communications, they can harvest your account passwords, read your e-mail, view your IMs, etc. They can even use tools such as SSL Strip to obtain passwords for secure websites that you visit. I recommend using a commercial VPN service provider to protect all of your traffic when you are using wi-fi networks. Costs range from $7 and up per month. A secure VPN provides an additional layer of security that is extremely difficult to defeat. Unless the hacker is extremely determined they will most likely move on and try an easier target.

[/vc_column_text][/vc_column][/vc_row][vc_row font_color="#ffffff" css=".vc_custom_1471641930410{background-color: #6994bf !important;}"][vc_column][vc_column_text css_animation="appear"]

Learn more about professional services provided by Managed Solution

Network Assessment & Technology Roadmap

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

To Learn More about Professional Services, contact us at 800-208-3617

[/vc_column_text][/vc_column][/vc_row]

US Department of Defense Commits to Upgrade 4 Million Seats to Windows 10

By Yusuf Mehdi / Corporate Vice President of Microsoft’s Windows and Devices Group as written on blogs.windows.com

One of the largest enterprises anywhere – the US Department of Defense (DoD) – has joined the ranks of enterprise customers planning swift Windows 10 deployments.

With more than 76% of our enterprise and education customers in active pilots of Windows 10 and more than 200 million active devices running Windows 10, we’re seeing accelerated and unprecedented demand for Windows 10 amongst enterprise customers.

The Secretary of Defense has directed all U.S. DoD agencies to begin the rapid deployment of the Microsoft Windows 10 throughout their respective organizations for information systems currently utilizing Microsoft Operating Systems. From laptops to desktops to mobile devices, including Surface devices, the DoD is targeting its Windows 10 upgrade for completion in a year, an unprecedented move for a customer with the size and complexity of the DoD.

The Rising Importance of Security for Government Agencies

Today’s government agencies face new and emerging challenges that range from a constantly shifting threat landscape to managing multiple platforms and devices in the enterprise environment. And the modern threat landscape has never been more challenging – driving tremendous costs and risk to the security of critical information. Security breaches can take 200+ days to detect and industry experts predict there will be over two million new malware apps by the end of the year. Clearly, these are driving factors in President Obama’s action plan announced last week to improve cybersecurity across government systems and devices.

Terry Halvorsen, CIO for the DoD, also shared this fall that more tools were needed for automated cyber defense, highlighting significant security challenges to the DoD networks. Halvorsen singled out software integration as a challenge to his mission and was quoted as saying, “If you have an impending need to survive you will innovate,” adding that DoD networks are “getting shot at” virtually every day. With the DoD spending approximately $44 billion annually on cybersecurity and IT, Halvorsen said the DoD needed to deploy innovation faster to ensure systems are more secure, more efficient and cost-effective, and standardized on one platform.

Because the U.S. Department of Defense is a prime target of cyber criminals and one of the largest and most complex organizations in the world, its leaders know the importance of securing its baseline systems.

Department of Defense Bets on Windows 10

The DoD’s intention to move to Windows 10 began in earnest in November when Halvorsen issued a memo directing all Combatant Commands, Services Agencies and Field Activities to rapidly deploy Windows 10 to improve the Department’s cybersecurity, lower the cost of IT and streamline the IT operating environment.

Further demonstrating a strong vote of confidence for the platform, Windows 10 has been certified as meeting specific government criteria and standards. The National Information Assurance Program, the arm of the US government responsible for evaluating commercial IT products for use in National Security Systems has certified Windows 10 against the Mobile Device Fundamentals Common Criteria protection profile. Additionally, Microsoft’s Surface family of devices have been certified and are available through the Defense Information Systems Agency (DISA) Unified Capabilities Approved Products List and can be easily worked into deployment plans. This means that Surface has met the strict security and interoperability requirements required by the DoD.

As the Department upgrades, it may incorporate some of the following Windows 10 security features:

• Windows Hello: One of the greatest weaknesses in any security environment is the use of passwords, which can easily be hacked and used to gain access to secure resources and data. With Windows 10, agencies can identify individuals and restrict access through integrated multi-factor authentication using biometric mechanisms like facial recognition or fingerprints using the Windows Hello and Windows Passport features.

• Enhanced threat resistance and device security. Working from a crypto-processor, Trusted Platform Module (TPM) -approved chip, tools include familiar features like Secure Boot, which helps prevent malware from embedding itself within hardware or starting before the OS, and Trusted Boot which helps maintain the integrity of the rest of the operating system. Device Guard ensures that only signed applications and code can run on these devices. And Credential Guard safeguards credentials inside a hardware-based virtualized environment and breaks the popular “pass the hash” used in many major breaches.

• Windows Defender, provides anti-malware service, which currently protects almost 300 million Windows devices every day.

• Enterprise Protection, currently in testing with enterprise customers and available soon, provides separation between both corporate and personal data and prevents corporate data from being copied out of corporate files to non-corporate files and locations, such as public website or social channels. Additionally, when EDP is used with Rights Management Services, it can protect data locally adding another layer of protection even when data roams or is shared.

It is exciting to see adoption of Windows 10 by so many enterprise customers, including those with the highest of security demands, such as the Department of Defense.

Source: https://blogs.windows.com/windowsexperience/2016/02/17/us-department-of-defense-commits-to-upgrade-4-million-seats-to-windows-10/

AWS offers guidance for trusted cloud connections

As written by Stephanie Kanowitz on gcn.com
A new resource is available to help agencies develop Trusted Internet Connections (TIC) architectures in the cloud.

So far, the capabilities of TIC, an Office of Management and Budget mandate to reduce the number of network gateways on federal networks and route external connections through approved government agencies -- TIC Access Providers or Managed Trusted Internet Protocol Services -- are not available in the cloud.

But Amazon Web Services’ “Guidance for TIC Readiness on AWS,” released Feb. 3, details ways that agencies could develop TIC-ready architectures on the AWS cloud, rather than routing traffic through a TICAP or MTIPS, which can slow connections and cause constraints on a the network. The guidance, based on results of a pilot program, addresses how agencies can directly access applications running in a TIC-ready cloud on a Federal Risk and Authorization Management Program moderate baseline.

The guidance highlights two areas: common connection scenarios with a TIC overlay and AWS capabilities and features that help with TIC compliance. The scenarios include a use case involving authenticated web and mobile applications in an “all in cloud” deployment, such as the General Services Administration’s GSA Advantage, which is a public website with authentication requirements.

“In this architecture, an [Internet gateway] provides Internet connectivity to two or more customer-defined public subnets across multiple Availability Zones in the [virtual private cloud],” the guidance states. “An [Elastic Load Balancing] load balancer is placed in these public subnets. A web-tier is configured within an Auto Scaling group, leveraging the ELB load balancer to provide a continuously available web front end. This web tier securely communicates with other backend resources, most notably the backend identity store used for role-based authentication.”

Another scenario involves public web and mobile applications requiring authentication and operating in hybrid environments. This means a portion of the environment is situated onsite in a data center. Users can access these applications from home or via public Wi-Fi or agency networks using either personal or government-issued devices.

In this case, part of the application architecture resides in the cloud while the other -- often sensitive-data sources -- reside in a data center. “Connectivity between the in-cloud portions of the application and the controlled, on-premises components is achieved using AWS Direct Connect or virtual-private network service in conjunction with a TICAP or Managed Trusted IP Service provider,” the guidance states. “In this way, data flow between the customer’s in-cloud and on-premises services are seen by the TIC.”

The second aspect of the guide discusses the capabilities and features available to achieve TIC compliance in the cloud. It includes AWS Identity and Access Management, which is a web service that enables IT departments to manage multiple users, groups, roles and permissions for AWS offerings such as the Amazon Relational Database Service.

Amazon CloudWatch is another on the guide’s list. It’s a monitoring service for AWS cloud resources and the applications that run on them. It can collect and track metrics, monitor log files and set alarms, providing systemwide visibility into resource use, application performance and operational health, the guidance states.

Other capabilities and features include:

• Amazon Simple Storage Service, a scalable distributed object store that stores objects redundantly on multiple devices and at multiple facilities.

• Amazon Elastic Compute Cloud, a web service that enables resizable compute capacity in the cloud.

• Amazon Config, a managed service that provides an AWS inventory and configuration history and sends configuration change notices.

Amazon issued the guidance after completing the testing phase of the FedRAMP-TIC Overlay pilot. The program started in May 2015 as a way to research an approach that would address agencies’ need for fast and secure connections. Currently, mobile users connect to an agency, which connects to a FedRAMP-approved cloud provider via TICAPS or MTIPS. In the future, mobile users would connect with a FedRAMP-approved cloud that is also TIC-compliant, and that cloud would then connect with an agency via the trusted providers.

Amazon worked with Homeland Security Department and FedRAMP officials on the testing.

5 commonly overlooked security threats

The Internet is a vast place that brings amazing information to our fingertips in a matter of seconds. While this is a wonderful attribute, it also can be dangerous to your personal information or business’s data. That’s because there are hackers out there just itching to access your information and email is still a common way they accomplish this feat. And as we’ve seen through several recent examples—including the 2015 Pentagon and 2014 Sony email hacks—simply having a “strong” email password isn’t enough to keep your data from being compromised.

While some may jokingly (or not-so-jokingly) call for less email usage and more frequent use of the phone to communicate important information, it’s not always possible in our highly digital world. So in addition to being cautious about what is communicated in your emails, it’s important to understand how to protect those emails in the first place. To ensure secure email on your personal and work devices, you first have to recognize threats to your email system—including the less common ones.

Here are five often overlooked threats to your email security:

1. Social engineering schemes that use your mobile number—Did you know that attackers only need your mobile number to trick you into giving access to your email? Essentially, they’ll send you a text posing as your email provider (e.g., Outlook) and tell you you’re about to receive a code to ensure your email account is secure. This text will then ask you to reply with the code to confirm. Then, they’ll trigger the password reset process, you’ll receive a real message with the unlock code—and if you send it to the attackers unknowingly—they’ll use it to reset your password without your knowledge. Check out this video if you want more specifics on this scheme.

2. Sharing your access credentials with others—It’s common for some employees to share their credentials—including their password—with a fellow employee or manager when they’ll be out of the office, whether on vacation or during short-term or long-term disability. If organizations don’t have defined security policies for these situations, a lack of accountability could lead to compromised email security.

3. Loss of a phone with pertinent information—Password management applications are wonderful tools that help you keep track of all the passwords for all of the email accounts you undoubtedly have. But if this application is installed on a phone that is lost or stolen, that can be a problem. Of course, it’s important that your phone is also password-protected, but organizations should take security one step further when it comes to work or personal devices that carry business data or information. Specifically, a business should standardize acceptable use policies regarding the local storage of files, remote wipe capability and network connectivity.

4. Lack of email encryption—Just because data is passed via a secure email server doesn’t mean it’s 100 percent safe. To add an extra layer of protection, companies should invest in an encrypted email service, which seals email messages and ensures only those with a decryption key can read and access sensitive information.

5. Crypto-ransomware—Ransomware is nothing new, but it’s a nasty way for hackers to operate. They essentially take the files on your computer or devices hostage until you pay a ransom to have them released. Crypto-ransomware is even nastier, as the hackers encrypt your computer’s files and will only surrender decryption keys upon payment. How is this related to email? These attacks are typically triggered through the opening of some sort of email attachment (e.g., an invoice, energy bill, image, etc.) and they often look legitimate. According to Symantec’s 2015 Internet Security Threat Report, attacks of this nature are highly profitable (bringing in approximately $34,000 per month for one group alone) and growing in popularity.

Whether through phishing schemes or direct malware attacks, email security threats are prevalent—and as we’ve seen, even the mighty can fall prey to them. That’s why it’s more important than ever for organizations to invest in a secure email service that will help them keep their data safe. In addition, employee education is a large part of maintaining a secure email environment. When people know what to expect, they’re better equipped to protect themselves and their companies from liability.

Source: https://blogs.office.com/2016/01/28/overlooked-email-security-threats/

Cloud adoption soars in regulated industries

By Kenneth Corbin as written on cio.com
New study from cloud security firm finds that government agencies and businesses are rapidly warming to Google Apps and Microsoft Office 365.

The past year-and-a-half has seen a steep increase in the rate of adoption of cloud computing applications, with some of the biggest movers found in the government and regulated industries.

That's according to a new study by the cloud security firm Bitglass, which analyzed traffic from some 130,000 organizations in North America and reported a 71 percent surge in cloud usage across the board in the verticals it evaluated.

Within the government sector, Bitglass reported a spike of more than 300 percent in the proportion of agencies that have moved to the cloud.

Quantifying the cloud

Rich Campagna, vice president of products at Bitglass, says the study seems to confirm what industry observers have seen anecdotally, quantifying "the sheer rate at which cloud adoption has taken off in the last year-and-a-half."

Importantly, Bitglass' analysis was not looking at all facets of the cloud. The firm evaluated only the use of public cloud applications, and, of that large subset, confined its analysis to the popular productivity suites Google Apps and Microsoft Office 365. Those applications, Campagna explained, are generally deployed on an enterprise-wide scale and are "key indicators" that an organization has committed to a "cloud-first strategy."

"The decision is made at the CIO level to move to Office 365 or to Google," he says. "What we wanted to find is what is the best indicator of an organization-wide adoption of cloud-based applications."

So that approach weeds out firms where a small pocket of employees might have incorporated some niche application into their workflow, but where the enterprise writ large continues to run processes like email and collaboration applications through a traditional, locally housed data center.

Among U.S. government agencies, 47 percent have adopted either Google Apps or Office 365, according to Bitglass' findings. A slightly larger proportion of agencies with more than 1,000 employees have made the move, but Bitglass is still seeing much of the cloud activity happening at the state and local level.

"They have a thin IT shop and this allows them to focus on value-added parts of their business, rather than on having to spend on a headcount on managing and maintaining applications that are not part of their core [mission]," Campagna says.

The most dramatic increase has come in the education sector, where, by Bitglass' estimate, 83 percent of organizations have adopted one of the cloud apps that it evaluated, up from 23 percent a year-and-a-half ago.

"That's easily explained by the incredibly compelling licensing that Microsoft and Google offer," Campagna says, referring to the free distribution those companies have been offering to education customers.

But less dramatic gains can still be observed in other regulated industries, such as healthcare, where 36 percent of the organizations Bitglass reviewed have moved toward an enterprise deployment of a cloud app, up from 8 percent last year.

In the financial sector, adoption increased to 37.5 percent from 9.5 last year, and would likely be higher still with more permissive industry regulations governing the use of IT.

Microsoft and Google cloud offerings promote adoption

Campagna sees a variety of factors at work in the rise in cloud adoption, and credits Microsoft with a successful sales strategy that has aggressively promoted Office 365 while also offering more flexibility in the licensing and renewal terms of its contracts. Google, too, has recently been stepping up its efforts to push its Apps suite in the enterprise, Campagna says.

But there is also a larger shift underway that has seen the security concerns about the cloud at least partially abate. Young companies like Bitglass, which describes itself as a "cloud access security broker," have been popping up with the express purpose of helping enterprises lock down their data in a public-cloud environment. And within IT circles, where CISOs might not have even considered going to a public cloud a few years ago, many have lately been softening their stance on the issue as they aim to reposition security as a driver of the organization's mission.

"Within that risk-averse subset of the IT department, I've seen the attitudes just shift quite a bit over the last couple years," Campagna says. "The mindset of security practitioners in general -- and there are still some holdouts -- has shifted from one of control to one of enablement over the last couple of years."