While organizations are more frequently moving critical workloads to the cloud, the majority are not implementing adequate data governance and security measures to protect sensitive data, according to a study conducted by the Ponemon Institute.
The 2016 Global Cloud Data Security Study (gated), which was commissioned by security provider Gemalto, reveals that only half of all cloud assets are actually controlled by IT departments, and only a third of the sensitive data stored in the cloud is encrypted.
The study queried over 3,400 IT and IT security professionals around the globe regarding key trends in data governance and security practices for cloud-based services, and found that the majority of organizations do not have a proactive approach for compliance and security for their cloud environments.
“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon.
“To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”
Key findings in the study include:
- 47% of corporate data stored in cloud environments is not managed or controlled by the IT department
- 70% cited the inability to apply conventional information security to cloud environments
- 69% noted an inability to directly inspect cloud providers for security compliance
- 53% said customer information the data most at risk in the cloud
- Only 21% said the security team is involved in decisions about implementing cloud application or platforms
- 64% said their organizations do not have a policy that requires use of encryption as a condition for using certain cloud computing applications
- 45% of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud
“It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network,” said Jason Hart of Gemalto.
“It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely every day.”