Survey Finds Majority of Businesses Risk Sensitive Data in Cloud

  • Aug 09, 2012

Thales, leader in information systems and communications security announces that eighty-two percent of organizations already transfer, or plan to transfer, sensitive or confidential data into the cloud environment according to Encryption in the Cloud, a global study of 4,000 business and IT managers conducted by the Ponemon Institute and commissioned by Thales.

The study examines perceptions and current practices surrounding the threats and protection issues relating to sensitive or confidential data in the cloud. It reveals startling attitudes about who is considered responsible for protecting this valuable and often regulated class of data – the cloud service provider or cloud service consumer. The findings are also significant in explaining where data encryption is applied inside and outside the cloud and, most importantly who manages the associated encryption keys.

The study goes on to examine some of the more practical aspects of encryption deployment in particular, and specifically addresses questions about whether organizations apply encryption themselves before data leaves the organization’s environment or whether encryption is expected to be a component of the cloud services they use. In the case of cloud-based encryption, the report considers the role of encryption for protecting stored data as well as application-based encryption, which typically applies protection more selectively, potentially protecting individual data items.

Larry Ponemon, chairman and founder, Ponemon Institute, says:
“It’s a rather sobering thought that nearly half of respondents say that their organization already transfers sensitive or confidential data to the cloud even though thirty-nine percent admit that their security posture has been reduced as a result. This clearly demonstrates that for many organizations the economic benefits of using the cloud outweigh the security concerns. However, it is particularly interesting to note that it is those organizations that have a strong overall security posture that appear to be more likely to transfer this class of information to the cloud environment – possibly because they most understand how and where to use tools such as encryption to protect their data and retain control . What is perhaps most surprising is that nearly two thirds of those that move sensitive data to the cloud regard their service providers as being primarily responsible for protecting that data, even though a similar number have little or no knowledge about what measures their providers have put in place to protect data. This represents an enormous opportunity for cloud providers to articulate what they are doing to secure data in the cloud and differentiate themselves from the competition.”

Richard Moulds, vice president, strategy, Thales e-Security, says:
“Staying in control of sensitive or confidential data is paramount for most companies today. For any organization that is still weighing the advantages of using cloud computing with the potential security risks of doing so, it is important to know that encryption is one of the most valuable tools for protecting data. However, just as with any type of encryption, it only delivers meaningful value if deployed correctly and with encryption keys that are managed appropriately. Effective key management is emblematic of control and the need for centralized and automated key management integrated with existing IT business processes is a necessity. Even if you allow your data to be encrypted in the cloud, it’s important to know you can still keep control of your keys. If you control the keys, you control the data.”

KEY FINDINGS:

• What proportion of organizations are already transferring sensitive data to the cloud? About half of all respondents say their organizations currently transfer sensitive or confidential data to the cloud environment.
Another one-third of respondents say their organizations are very likely to transfer sensitive or confidential data to the cloud within the next two years.

• Has the use of cloud computing for sensitive data increased or decreased overall security? The survey found that thirty-nine percent of respondents believe cloud adoption has decreased their companies’ security posture.

• Who is responsible for data security in the cloud? Sixty-four percent of organizations that currently transfer sensitive or confidential data to the cloud believe the cloud provider has primary responsibility for protecting that data.

• How much visibility do decision makers have regarding cloud security?
Nearly two thirds of respondents say they do not know what cloud providers are actually doing in order to protect the sensitive or confidential data entrusted to them.

• Where is data encryption applied? There is almost an even split between respondents who say their organization applies persistent encryption to data before it is transferred to the cloud provider and those that say they rely on encryption that is applied within the cloud environment.

• Who manages the encryption keys when data is transferred to the cloud?
Thirty-six percent of respondents say their organization has primary responsibility for managing the keys. Twenty-two percent say the cloud provider has primary responsibility for encryption key management. Even in cases where encryption is performed inside the enterprise, more than half of respondents hand over control of the keys to the cloud provider.

 

Featured

  • 2024 Security Today New Product of the Year Award Winners Announced

    More than 20 companies are being recognized this year for products that help keep us safe. Read Now

  • It Always Rains in Florida

    Over the years, and many trips to various cities, I have experienced some of the craziest memorable things. One thing I always count on when going to Orlando is a massive rainstorm after the tradeshow has concluded the first day. Count on it, it is going to rain Monday evening. Expect that it will be a gully washer. Read Now

    • Industry Events

  • Live from GSX 2024 Preview

    It’s hard to believe, but GSX 2024 is almost here. This year’s show runs from Monday, September 23 to Wednesday, September 25 at the Orange County Convention Center in Orlando, Fla. The Campus Security Today and Security Today staff will be on hand to provide live updates about the security industry’s latest innovations, trends, and products. Whether you’re attending the show or keeping tabs on it from afar, we’ve got you covered. Make sure to follow the Live from GSX page for photos, videos, interviews, product demonstrations, announcements, commentary, and more from the heart of the show floor! Read Now

    • Industry Events

  • Elevate Your Business

    In today’s dynamic business environment, companies specializing in physical security are constantly evolving to remain competitive. One strategic shift these businesses can make to give them the advantage is a full or partial transition to a recurring revenue model, popularly called a subscription service. This approach will bring numerous benefits that not only enhance business stability but also improve customer relationships and drive innovation. Recurring monthly revenue (RMR) or recurring annual revenue (RAR) are two recurring cadence choices that work simply and effectively. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3