Ponemon: Cloud Adoption Grows as Security Lags

Cloud adoption is growing, but companies aren’t taking security into account the way they should. A fresh Ponemon Institute survey shows that many businesses simply aren’t adopting appropriate governance and security measures to protect sensitive data in the cloud.

The results show that 73% of respondents deem cloud-based services and platforms important to their organization’s operations, and 81% said they will be more so over the next two years. And in fact, 36% of respondents said their companies’ total IT and data processing needs were met using cloud resources today (a number that will increase to 45% over the next two years).

Yet, 54% of respondents said their companies do not have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments. More than half say their organizations are not careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Larry Ponemon, chairman and founder, Ponemon Institute. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”

The challenges are myriad: For one, difficulty in controlling or restricting end-user access increased from 48% in 2014 to 53% of respondents in 2016. The other major challenges that make security difficult include the inability to apply conventional information security in cloud environments (70% of respondents) and the inability to directly inspect cloud providers for security compliance (69% of respondents). There’s also the shadow IT issue: nearly half (49%) of cloud services are deployed by departments other than corporate IT, and an average of 47% of corporate data stored in cloud environments is not managed or controlled by the IT department.

“Organizations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments,” said Jason Hart, vice president and CTO for data protection at Gemalto, which sponsored the report. “It’s quite obvious security measures are not keeping pace, because the cloud challenges traditional approaches of protecting data when it was just stored on the network. It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely [on] every day.”

There are some positive results in the survey. Despite lagging in implementation, 65% of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. And there’s improvement: In 2014, 60% of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, just 54% said the same. Similarly, confidence in knowing all cloud computing services in use is increasing: 54% of respondents are confident that the IT organizations know all cloud computing applications, platform or infrastructure services in use—a 9% increase from 2014.

Photo © nobeastsofierce

What’s Hot on Infosecurity Magazine?