More than half of all respondents said their organization is transferring sensitive or confidential data to the cloud – an increase of about 10% compared with last year’s study.
“Staying in control of sensitive or confidential data is paramount for most organizations today, and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.
The research showed a marked increase in confidence among respondents in the ability of cloud providers to protect the sensitive and confidential data entrusted to them – up from 41% (2011) to 56% (2012). More than 60% of respondents that use cloud today believe the cloud provider has primary responsibility for protecting that data, and 22% believed the cloud consumer to be responsible. However, the pattern is reversed for users of infrastructure-as-a-service (IaaS) cloud offerings.
Excluding network-level encryption tools such as SSL, on a global basis the use of encryption to protect data before it goes to the cloud is 33% higher than the use of encryption within the cloud itself. When encryption is applied inside the cloud, it is more than a third more common in software-as-a-service (SaaS) offerings than other service types.
However, just over half of respondents say they don’t know what their cloud provider actually does to protect their data – and only 30% say they do know. But, again, this is an improvement on last year where 62% of respondents said they didn’t know what measures their cloud provider took to protect their data.
The firms also found that when it comes to key management, there is still no clear picture as to perceived responsibility. In most cases, the respondents report that their own organizations look after their own keys; however, this has declined from the previous year (36% and 29%, respectively). There is also an apparent shift toward key management being perceived to be a shared responsibility between cloud user and cloud provider. This might point to the growing interest in key management standards, the survey found, and in particular the OASIS Key Management Interoperability Protocol (KMIP). Cloud encryption has been identified as the most valuable usage scenario for the new protocol.
“Perceived responsibility for data protection, awareness of security measures, confidence and impact on overall security posture illustrate important regional and service type differences, but overall the trend is positive,” Ponemon said. “Respondents generally feel better informed, more confident in their cloud service providers and more positive about the impact on their security posture compared with last year.”
27 June 2013
We are seeing a lot of cloud security solutions on the market, including our own. Like this article says, many of our customers are moving away from a hybrid cloud approach and putting their sensitive data in the cloud. Our military grade data encryption and key management software allows organizations to safely store their data in the cloud while meeting compliance requirements from HIPAA, PCI, etc. We would love to see more articles on this topic and any feedback is welcome on our website, www.crypteron.com
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.