A new global study from Thales and the Ponemon Institute has exposed a disparity between the rapid growth of data stored in the cloud and organizations’ approaches to cloud security.
The firms surveyed more than 3000 IT and IT security practitioners in Australia, Brazil, France, Germany, India, Japan, the UK and the US, discovering that whilst nearly half (48%) of all corporate data is stored in the cloud, only 32% of organizations believe protecting data in the cloud is their own responsibility.
What’s more, the study found that organizations consider cloud service providers to be the ones to bear the most responsibility for securing sensitive data in the cloud (35%), although just 23% of respondents said security was a factor to them when selecting a cloud service provider.
Furthermore, the research found that more than half (51%) of businesses and other organizations still do not use encryption or tokenization to protect sensitive data in the cloud, whilst 54% of respondents stated that cloud storage makes it more difficult to protect sensitive data.
“With businesses increasingly looking to use multiple cloud platforms and providers, it’s vital they understand what data is being stored and where,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Not knowing this information makes it essentially impossible to protect the most sensitive data – ultimately leaving these organizations at risk. We’d encourage all companies to take responsibility for understanding where their data sits to ensure it’s safe and secure.”
Tina Stewart, vice-president of market strategy for cloud protection and licensing activity at Thales, added: “This study shows that businesses today are taking advantage of the opportunities that new cloud options offer, but aren’t adequately addressing data security. Having pushed the responsibility towards cloud providers, it is surprising to see that security is not a primary factor during the selection process. It does not matter what model or provider you choose, the security of your business’ data in the cloud has to be your responsibility. Your organization’s reputation is on the line when a data breach occurs, so it is critical to ensure in-house teams keep a close eye on your security posture and always retain control of encryption keys.”