07.26.16
Despite the continued importance of cloud computing resources to organizations, companies are not adopting appropriate governance and security measures to protect sensitive data in the cloud. These are just a few findings a Ponemon Institute study titled “The 2016 Global Cloud Data Security Study,” commissioned by Gemalto. The study surveyed more than 3,400 IT and IT security practitioners worldwide to gain a better understanding of key trends in data governance and security practices for cloud-based services.
According to 73% of respondents, cloud-based services and platforms are considered important to their organization’s operations and 81% said they will be more so over the next two years. In fact, 36% of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that they expected this to increase to 45% over the next two years.
Although cloud-based resources are becoming more important to companies’ IT operations and business strategies, 54% of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments. This is despite the fact that 65% of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. Furthermore, 56% did not agree their organization is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.
“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”
In 2014, 60% of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, 54% said the same. Difficulty in controlling or restricting end-user access increased from 48% in 2014 to 53% of respondents in 2016.
According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud. Since 2014, the storage of customer information in the cloud has increased the most, from 53% in 2014 to 62% of respondents saying their company was doing this today, with 53% considering customer information the data most at risk in the cloud.
While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular type of cloud-based service, only 34% of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.
According to 73% of respondents, cloud-based services and platforms are considered important to their organization’s operations and 81% said they will be more so over the next two years. In fact, 36% of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that they expected this to increase to 45% over the next two years.
Although cloud-based resources are becoming more important to companies’ IT operations and business strategies, 54% of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments. This is despite the fact that 65% of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. Furthermore, 56% did not agree their organization is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.
“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”
In 2014, 60% of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, 54% said the same. Difficulty in controlling or restricting end-user access increased from 48% in 2014 to 53% of respondents in 2016.
According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud. Since 2014, the storage of customer information in the cloud has increased the most, from 53% in 2014 to 62% of respondents saying their company was doing this today, with 53% considering customer information the data most at risk in the cloud.
While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular type of cloud-based service, only 34% of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.