A new report from CipherCloud and Osterman Research shows businesses have a high level of concern about the exposure of sensitive and regulated information in the cloud to security threats. However, despite this anxiety organizations persist with data protection gaps that open them up to significant data risks.
The firms’ research found that whilst the majority of the cloud security pros quizzed are worried about cloud data protection and threats to SaaS applications, with 70% fearful of data breaches, threats to the application layer and system vulnerabilities, only 37% persevere with encrypting data in the cloud.
What’s more, respondents were also uncomfortable about outsiders being able to decrypt their information, with more than half being uneasy with the thought of government agencies doing so, yet 75% use keys managed by cloud providers, third-parties or shared with either.
"As cloud adoption continues to grow, so does the amount of sensitive and regulated data going into the cloud. This survey uncovers significant data protection gaps and misconceptions around encryption usage that are putting that sensitive data at risk," said Michael Osterman, president of Osterman Research.
Organizations that operate multiple cloud applications – particularly those in heavily regulated industries – must identify multi-cloud security solutions that can help them close their data protection gaps, he added.
Finally, data owners appear to be over relying on others to secure their information, despite a growing number of compliance regulations meaning they are the ones who bear ultimate responsibility and legal accountability if their data is breached. Worryingly, just 32% of respondents were aware of this.
"These research findings should serve as a wake-up call to data owners who are worried about cloud security, yet continue to outsource responsibility for data protection to their IT teams or cloud providers," said Willy Leichter, vice-president, marketing for CipherCloud. "A new approach is needed for multi-cloud security that includes encrypting data in use. Only then can organizations feel confident their sensitive data is protected."