This week we released the findings of a global cloud security study conducted by the Ponemon Institute. The study surveyed more than 3,400 IT and IT security practitioners worldwide to gain insights into organizations’ data governance and security practices for cloud-based services.
Six Key Findings from Our Cloud Security Study:
1. The “cloud” is central to IT operations and business strategy
According to 73 percent of respondents, cloud-based services and platforms are considered important to their organization’s operations and 81 percent said they will be more so over the next two years. In fact, thirty-six percent of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that they expected this to increase to forty-five percent over the next two years.
2. Cloud security can be stormy because of shadow IT
According to respondents, nearly half (49 percent) of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department.
3. Conventional security practices do not work in the cloud
54 percent of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. 70 percent said it was more difficult to apply conventional information security in cloud environments.
4. Many companies lack data governance policies for information stored in the cloud
Although cloud-based resources are becoming more important to companies’ IT operations and business strategies, 54 percent of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments. This is despite the fact that 65 percent of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud.
5. Encryption is important, but not yet pervasive in the cloud
Seventy-two percent of respondents said the ability to encrypt or tokenize sensitive or confidential data is important, with 86 percent saying it will become more important over the next two years, up from 79 percent in 2014. In addition, on average companies have 12 applications that require encryption. While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular cloud-based service, only 34 percent of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.
6. Many companies still only use passwords to secure access to cloud services
About half (forty-five percent) of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because fifty-eight percent of respondents say their organizations have third-party users accessing their data and information in the cloud.
Key Recommendations for IT Security Professionals
Here are a few key recommendations to keep your sensitive data safe in their cloud:
Create centralized policies and procedures for data governance
The new realities of Cloud IT mean that IT organizations need to set comprehensive policies for data governance and compliance, create guidelines for the sourcing of cloud services, and establish rules for what data can and cannot be stored in the cloud.
Deploy data security measures that empower “Shadow IT” and protect sensitive data
IT organizations can accomplish their mission to protect corporate data while being an enabler of “Shadow IT” by implementing data security measures such as encryption. These measures allow IT teams to protect data in the cloud in a centralized fashion as their internal organizations source cloud-based services as needed.
Protect access to cloud services for employees, partners and vendors
As companies store more data in the cloud and utilize more cloud-based services, IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication. This is even more important for companies that give third-parties and vendors to access their data in cloud.
- Download the full report, including country-specific data and insights, today!