Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 7 June, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Organisations worldwide failing to adequately protect sensitive data in the cloud

by The Gurus
October 9, 2019
in Guru's Picks
Public Cloud
Share on FacebookShare on Twitter

A new global study from Thales, with research from the Ponemon Institute, has exposed an increasing disparity between the rapid growth of data stored in the cloud and an organisation’s approach to cloud security. Although nearly half (48%) of corporate data is stored in the cloud, only a third (32%) of organisations admit they employ a security-first approach to data storage in the cloud.

Surveying over 3,000 IT and IT security practitioners in Australia, Brazil, France, Germany, India Japan, the United Kingdom and the United States, the research found that only one in three (31%) organisations believe that protecting data in the cloud is their own responsibility.

Increased multi-cloud cloud use, but with risks

With the proliferation of cloud-based services, businesses and other organisations are increasingly dependent on cloud providers. In fact, nearly half (48%) of organisations have a multi-cloud strategy, with Amazon Web Services (AWS), Microsoft Azure and IBM being the top three. The study found that, on average, organisations use three different cloud service providers and over a quarter (28%) are using four or more.

Despite storing sensitive data in the cloud, nearly half (46%) surveyed revealed that storing consumer data in the cloud makes them more of a security risk. Over half (56%) also noted that it posed a compliance risk. In addition, organisations believe that cloud service providers bear the most responsibility for sensitive data in the cloud (35%), ahead of shared responsibility (33%) and themselves (31%). Even though businesses are pushing the responsibility to cloud providers, only 23% say security is a factor in selecting them.

“With businesses increasingly looking to use multiple cloud platforms and providers, it’s vital they understand what data is being stored and where,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Not knowing this information makes it essentially impossible to protect the most sensitive data — ultimately leaving these organisations at risk. We’d encourage all companies to take responsibility for understanding where their data sits to ensure it’s safe and secure.”

Encryption increasing, but organisations handing over keys to cloud providers

Roughly half (51%) of businesses and other organisations still do not use encryption or tokenisation to protect sensitive data in the cloud. The study uncovered regional disparities in terms of data security, with German organisations being the most advanced in their use of encryption at 66%.

Organisations are handing over the keys to their encrypted data to cloud providers. Nearly half of cloud companies (44%) provide the encryption keys when data is encrypted in the cloud, ahead of in-house teams (36%) and third parties (19%). On top of this, 53% are controlling these encryption keys themselves, despite 78% saying it’s important their organisation retains control of the keys.

Over half of businesses (54%) think cloud storage makes it more difficult to protect sensitive data, up from 49% last year. More than 70% believe that data in a cloud environment is harder to protect due to the complexity of managing privacy and data protection regulations, while an additional two-thirds (67%) cited the difficulty of applying conventional security methods in the cloud.

“This study shows  that businesses today are taking advantage of the opportunities that new cloud options offer, but aren’t adequately addressing data security,” said Tina Stewart, vice president of market strategy for cloud protection and licensing activity at Thales. “Having pushed the responsibility towards cloud providers, it is surprising to see that security is not a primary factor during the selection process. It doesn’t matter what model or provider you choose, the security of your business’ data in the cloud has to be your responsibility. Your organisation’s reputation is on the line when a data breach occurs, so it is critical to ensure in-house teams keep a close eye on your security posture and always retain control of encryption keys.”

Boris Cipot, senior security engineer at Synopsys, commented “Almost every company in the world collects some sort of user data. There is virtually no service that doesn’t require its users to hand over identifiable information, which in many cases is also sensitive enough to be valuable to cybercriminals looking for a profit. When a database of personally identifiable information is compromised, both the company that suffers the breach and the customers whose data is stolen have to pay the consequences.

For this reason, users should do whatever they can to make sure that the information they pass on is protected to the highest standard, while companies should earn their users’ trust by making every effort to protect their databases. I would recommend companies to combine the efforts of an internal team with an external service that can strengthen the security barriers in place.

Another important point that companies need to consider is that if they store data in the cloud, their cloud provider is not responsible for its security. Service providers are responsible for the security of the cloud, while clients remain in charge of the security of their assets in the cloud. Therefore, when setting up a database on a virtual server, organisations may want to consider looking for external help to configure it properly and avoid accidentally leaving information exposed.”

FacebookTweetLinkedIn
ShareTweet
Previous Post

New LastPass research finds password habits remain key obstacle to business’ security

Next Post

Sesame Street Online Store Targeted by Credit-Card Stealing Hack

Recent News

large open office, bright.

Employees Feel 10 Times Calmer in an Environmentally Friendly Office Space

June 7, 2023
Blue Logo OUTPOST24

Outpost24 Acquires EASM Provider Sweepatic

June 7, 2023
Standard post, logos of brands, headshot.

J Brand: The Challenges of Putting Mental Health First in an Unfamiliar Industry

June 6, 2023
iPad with Anxiety written on it in capitals.

Half of UK Employees Suffer From “Sunday Scaries”

June 6, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information