Security stays a grey lining for the Cloud

NEW DELHI, INDIA: As many as 36 per cent of respondents in a study have said their companies' total IT and data processing needs were met using cloud resources today and that they expected this to increase to 45 per cent over the next two years.

As per findings from a Ponemon Institute study titled "The 2016 Global Cloud Data Security Study," commissioned by Gemalto; although cloud-based resources are becoming more important to companies' IT operations and business strategies, 54 per cent of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments.

This is despite the fact that 65 per cent of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. Furthermore, 56 percent did not agree their organization is careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.

The study uncovered that nearly half of cloud services are deployed by departments other than corporate IT, and an average of 47 per cent of corporate data stored in cloud environments is not managed or controlled by the IT department. However, confidence in knowing all cloud computing services in use is increasing with 54 per cent of respondents are confident that the IT organization knows all cloud computing applications, platform or infrastructure services in use – a nine per cent increase from 2014.

"Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud."

"Organizations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "

Conventional security practices do not apply in the cloud. In 2014, 60 per cent of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, 54 per cent said the same. Difficulty in controlling or restricting end-user access increased from 48 per cent in 2014 to 53 per cent of respondents in 2016. The other major challenges that make security difficult include the inability to apply conventional information security in cloud environments (70 per cent of respondents) and the inability to directly inspect cloud providers for security compliance (69 per cent of respondents).