Advertisment

Cloud is not for sensitive data, think again

author-image
CIOL Bureau
Updated On
New Update

WESTON, USA: For all those who have been saying that cloud not being a case for sensitive data, here is the shocker.

Advertisment

According to a study, a majority of organizations have already transferred, or plan to transfer, sensitive or confidential data into the cloud environment.

And, a majority of them believe the cloud provider has the primary responsibility for protecting that data.

Eighty-two per cent of organizations who participated in a global study, 'Encryption in the Cloud', conducted by the Ponemon Institute and commissioned by Thales also finds that about half of all respondents say their organizations currently transfer sensitive or confidential data to the cloud environment.

Advertisment

Sixty-four per cent of organizations that currently transfer sensitive or confidential data to the cloud believe the cloud provider has primary responsibility for protecting that data

Another one-third of respondents say their organizations are very likely to transfer sensitive or confidential data to the cloud within the next two years.

Larry Ponemon, chairman and founder, Ponemon Institute, says: “It’s a rather sobering thought that nearly half of respondents say that their organization already transfers sensitive or confidential data to the cloud even though thirty-nine percent admit that their security posture has been reduced as a result. This clearly demonstrates that for many organizations the economic benefits of using the cloud outweigh the security concerns."

Advertisment

"However, it is particularly interesting to note that it is those organizations that have a strong overall security posture that appear to be more likely to transfer this class of information to the cloud environment — possibly because they most understand how and where to use tools such as encryption to protect their data and retain control."

The survey found that thirty-nine percent of respondents believe cloud adoption has decreased their companies’ security posture.

"What is perhaps most surprising is that nearly two thirds of those that move sensitive data to the cloud regard their service providers as being primarily responsible for protecting that data, even though a similar number have little or no knowledge about what measures their providers have put in place to protect data. This represents an enormous opportunity for cloud providers to articulate what they are doing to secure data in the cloud and differentiate themselves from the competition,” he adds.

Advertisment

Richard Moulds, vice president, strategy, Thales e-Security, says: “Staying in control of sensitive or confidential data is paramount for most companies today. For any organization that is still weighing the advantages of using cloud computing with the potential security risks of doing so, it is important to know that encryption is one of the most valuable tools for protecting data."

Nearly two thirds of respondents say they do not know what cloud providers are actually doing in order to protect the sensitive or confidential data entrusted to them.

"However, just as with any type of encryption, it only delivers meaningful value if deployed correctly and with encryption keys that are managed appropriately. Effective key management is emblematic of control and the need for centralized and automated key management integrated with existing IT business processes is a necessity. Even if you allow your data to be encrypted in the cloud, it’s important to know you can still keep control of your keys. If you control the keys, you control the data,” Moulds adds.

There is almost an even split between respondents who say their organization applies persistent encryption to data before it is transferred to the cloud provider and those that say they rely on encryption that is applied within the cloud environment.

Thirty-six per cent of respondents say their organization has primary responsibility for managing the keys. Twenty-two percent say the cloud provider has primary responsibility for encryption key management. Even in cases where encryption is performed inside the enterprise, more than half of respondents hand over control of the keys to the cloud provider.

smac