Organizations globally lack clear policies around securing data in the cloud, according to Gemalto and the Ponemon Institute.
- Only 40% of the data stored in the cloud is secured with encryption and key management solutions. — Gemalto and Ponemon Institute, 2018
- Only 25% of IT workers and security practitioners report being “very confident” they know all the cloud services in use by their business. — Gemalto and Ponemon Institute, 2018
Though virtually all global organizations (95%) have moved to the cloud in some way or another, security risks abound, according to a new report from Gemalto and the Ponemon Institute. On average, only 40% of data stored in the cloud is secured with encryption and key management tools, according to the 3,200 IT and security pros surveyed for the report.
The cloud can bring various benefits, including avoiding the costs and complexities of owning and maintaining an on-premises IT infrastructure, as noted by our sister site ZDNet. However, many companies remain worried about securing it: 54% of global organizations said payment information was at risk when stored in the cloud, and 49% said customer data was. Some 57% said they believe that using the cloud makes them more likely to come in conflict with privacy and data protection regulations. With this being the case, 88% of organizations surveyed said they believe that new GDPR rules coming to Europe will require changes to their cloud governance, with 37% reporting that it would require “significant” changes.
hadow IT is also causing concern among IT and security leaders: Only 25% of these professionals said they were “very confident” that they know all of the cloud services currently in use by their business, while 31% said they were “confident.”
Security practices differed widely depending on geographic location, the report found. Germany reported the most strict policies in terms of sharing sensitive or confidential information stored in the cloud with third parties, with 61% of German respondents reporting that their organizations are careful when doing so. The least strict policies came from the UK (35%), Brazil (34%), and Japan (31%).
Germany also reported being the most secure when it comes to applying tools such as encryption and tokenization to store sensitive or confidential information in the cloud (61%), compared to the US (51%) and Japan (50%). That strong security also applied when sending or receiving data internally, reaching 67% for Germany, 62% for Japan, and 61% for India, the report noted.
“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” Jason Hart, CTO of data protection at Gemalto, said in a press release. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true. The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security.”
Though securing data may be easier, organizations should never assume that a move to the cloud means that information is automatically secure without added protections, Hart said in the release.