Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

IT: Poised to Lose the Battle for Security in the Cloud

While businesses, government departments and other entities continue to move their mission-critical information functions to the cloud to save costs and boost productivity, IT departments are finding it difficult to ensure security policies in that environment. In fact, new Ponemon Institute research has revealed the disheartening statistic that IT has no management control over 44% of the data stored in the cloud.

It follows that companies lack a single point of accountability when it comes to data security in the cloud. The survey found that only 38% of organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in a borderless environment.

This is concerning, considering that respondents on average estimate that 33% of their organizations’ total IT and data processing requirements are met with cloud resources today—which is a number that’s expected to increase to an average of 41% within two years.

“The findings reveal that global organizations are struggling to secure data in the cloud due to the lack of critical governance and security practices in place,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication.”

And indeed, many security teams are looking to encryption and multifactor authentication when it comes to getting their arms around this. More than two-thirds (71%) of respondents said that it is more difficult to protect sensitive data in the cloud using conventional security practices. Nearly half (48%) say it’s more difficult to control or restrict end-user access to cloud data.

More than one-third (34%) of IT professionals surveyed say their organizations already have a policy in place that requires the use of security safeguards such as encryption as a condition for using certain cloud computing resources. About 39% say their organizations already use encryption, tokenization or other cryptographic tools to protect data in the cloud.

Those numbers will grow: many more (71%) say the ability to encrypt or tokenize sensitive or confidential data is important, and 79% say it will become more important over the next two years.

Other work to secure data in the cloud includes using private data network connectivity (43%) and 29% say they use premium security services provided by their cloud provider.

In the not-so-great column, 33% say they don’t know what security solutions they use.

“While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud,” said Tsion Gonen, chief strategy officer at report sponsor SafeNet. “And as we’ve seen in 2014 with a raft of record-breaking data breaches, organizations are attacked frequently from different angles. In order to mitigate risk, there needs to be focused coordination and new approaches to securing data in the cloud, and IT needs to be at the center of this migration.”

While businesses, government departments and other entities continue to move their mission-critical information functions to the cloud to save costs and boost productivity, IT departments are finding it difficult to ensure security policies in that environment. In fact, new Ponemon Institute research has revealed the disheartening statistic that IT has no management control over 44% of the data stored in the cloud.

It follows that companies lack a single point of accountability when it comes to data security in the cloud. The survey found that only 38% of organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in a borderless environment.

This is concerning considering that respondents on average estimate that 33% of their organizations’ total IT and data processing requirements are met with cloud resources today—which is a number that’s expected to increase to an average of 41% within two years.

“The findings reveal that global organizations are struggling to secure data in the cloud due to the lack of critical governance and security practices in place,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication.”

And indeed, many security teams are looking to encryption and multifactor authentication when it comes to getting their arms around this. More than two-thirds (71%) of respondents said that it is more difficult to protect sensitive data in the cloud using conventional security practices. Nearly half (48%) say it’s more difficult to control or restrict end-user access to cloud data.

More than one-third (34%) of IT professionals surveyed say their organizations already have a policy in place that requires the use of security safeguards such as encryption as a condition for using certain cloud computing resources. About 39% say their organizations already use encryption, tokenization or other cryptographic tools to protect data in the cloud.

Those numbers will grow: many more (71%) say the ability to encrypt or tokenize sensitive or confidential data is important, and 79% say it will become more important over the next two years.

Other work to secure data in the cloud includes using private data network connectivity (43%) and 29% say they use premium security services provided by their cloud provider.

In the not-so-great column, 33% say they don’t know what security solutions they use.

“While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud,” said Tsion Gonen, chief strategy officer at report sponsor SafeNet. “And as we’ve seen in 2014 with a raft of record-breaking data breaches, organizations are attacked frequently from different angles. In order to mitigate risk, there needs to be focused coordination and new approaches to securing data in the cloud, and IT needs to be at the center of this migration.”

What’s Hot on Infosecurity Magazine?