A recent survey conducted by the Poenmon Institute has revealed less than a third (32%) of companies are adopting a security-first approach to data stored in the cloud.
The survey was conducted for the 2019 Thales Global Cloud Security Study on 3,000 IT and IT security professionals in 8 countries – Australia, Brazil, France, Germany, India, Japan, the UK and the US.
The survey revealed 48% of corporate data is now stored in the cloud compared to 35% in 2016. While there is still considerable concern about cloud security, that has not translated into organizations applying appropriate security controls to ensure their data is properly protected against unauthorized access.
Less than half of organizations (49%) that store data in the cloud encrypt their data and while 78% of businesses say it is important to retain ownership of encryption keys, only 53% of businesses that encrypt data in the cloud retain control their encryption keys.
Many businesses do not take ownership of the security of sensitive data in the cloud. 35% of respondents believed security was the sole responsibility of the cloud service provider, compared to 31% who thought security was their responsibility. 33% believed security was a shared responsibility. In the majority of cases, security is a shared responsibility. The service provider will apply security controls to protect the infrastructure, but it is the responsibility of each company to protect data in their cloud applications.
Given the high number of companies that are not encrypting their data and are falling to take ownership of data security, it is perhaps no surprise that 46% of respondents believed that storing customer data in the cloud made them a security risk and 56% said it made them a compliance risk. It is also surprising that only 23% said security was a factor when selecting a cloud provider.
“Having pushed the responsibility towards cloud providers, it is surprising to see that security is not a primary factor during the selection process,” said Tina Stewart, Thales VP of market strategy for cloud protection and licensing activity. “It doesn’t matter what model or provider you choose, the security of your business’ data in the cloud has to be your responsibility.
One issue highlighted by the survey was the complexity of securing data in the cloud. 70% of respondents said the cloud made it harder to secure data and 67% said traditional security measures were more difficult to deploy in the cloud.
“With businesses increasingly looking to use multiple cloud platforms and providers, it’s vital they understand what data is being stored and where,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Not knowing this information makes it essentially impossible to protect the most sensitive data – ultimately leaving these organizations at risk. We’d encourage all companies to take responsibility for understanding where their data sits to ensure it’s safe and secure.”
