Rush to the Cloud Leaves Security in the Dust

While organizations are more frequently moving critical workloads to the cloud, the majority are not implementing adequate data governance and security measures to protect sensitive data, according to a study conducted by the Ponemon Institute.

The 2016 Global Cloud Data Security Study (gated), which was commissioned by security provider Gemalto, reveals that only half of all cloud assets are actually controlled by IT departments, and only a third of the sensitive data stored in the cloud is encrypted.

The study queried over 3,400 IT and IT security professionals around the globe regarding key trends in data governance and security practices for cloud-based services, and found that the majority of organizations do not have a proactive approach for compliance and security for their cloud environments.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon.

“To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”

Key findings in the study include:

  • 47% of corporate data stored in cloud environments is not managed or controlled by the IT department
  • 70% cited the inability to apply conventional information security to cloud environments
  • 69% noted an inability to directly inspect cloud providers for security compliance
  • 53% said customer information the data most at risk in the cloud
  • Only 21% said the security team is involved in decisions about implementing cloud application or platforms
  • 64% said their organizations do not have a policy that requires use of encryption as a condition for using certain cloud computing applications
  • 45% of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud

“It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network,” said Jason Hart of Gemalto.

“It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely every day.”

About Anthony M. Freed

Anthony M. Freed is the Director of Corporate Communications at, the leader in cloud infrastructure security and compliance solutions. He is also the Communications Advisor for the Cyber Security Forum Initiative (CSFI), which provides cyber warfare awareness, guidance, and tactical training to assist the government, military, the private sector, and our international partners. Freed was formerly a security journalist who authored numerous investigative reports which have been sourced and cited by dozens of major media outlets. Noteworthy stories include uncovering the Symantec NAV source code leak and the breach of login credentials for dozens of federal government agencies. Freed also provided exclusive coverage of the asymmetric attacks by hacktivist The Jester (th3j35t3r) against militant Jihadist websites, Wikileaks after the disclosure of the State Department cables, and the iFrame injection psyops campaign that targeted the regime of former Libyan dictator Muammar Qaddafi.

More posts by Anthony

Tags: , , , , , , , , , , , , , , ,