Only a Third of All Sensitive Data Stored in Cloud Apps is Encrypted

According to the results of a recent survey of 3,476 IT and IT security practitioners worldwide, just one third of all sensitive corporate data stored in cloud-based applications is encrypted.

The survey, conducted by the Ponemon Institute and commissioned by Gemalto, also found that 73 percent of respondents said cloud-based services and platforms are important to their organization’s operations, and 81 percent said they will become more important over the next two years.

Just over a third (36 percent) of respondents said their companies’ total IT and data processing needs are met using cloud resources today, and that’s expected to increase to 45 percent over the next two years.

“Organizations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments,” Gemalto vice president and chief technology officer for data protection Jason Hart said in a statement.

More than half (56 percent) of respondents said their organization isn’t careful about sharing sensitive information in the cloud with third parties, and 54 percent said their companies don’t have a proactive approach to compliance with privacy and security regulations for data in cloud environments.

Just 21 percent of respondents said members of the security team are involved in the decision-making process about using given cloud applications or platforms, and 54 percent said it’s more difficult to protect confidential or sensitive information when using cloud services.

Sixty-four percent of organizations do not have a policy requiring use of security safeguards such as encryption as a condition for using certain cloud applications, and 45 percent don’t use multi-factor authentication to secure access to applications and data in the cloud.

And while 65 percent of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud, 49 percent of cloud services are deployed by departments other than corporate IT, and 47 percent of all corporate data stored in the cloud is not managed or controlled by IT departments.

Still, 54 percent of respondents are confident IT is aware of all cloud computing applications, platforms or infrastructure services in use, a nine percent increase from 2014.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.

“To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud,” Ponemon added.

A separate Spiceworks survey of almost 300 IT pros found that just 19 percent of respondents believe all IT services will eventually move to the cloud, just 24 percent believe corporate data is more vulnerable to a breach in the cloud as opposed to on premise, and just 29 percent believe employee or customer personal and financial data should not be stored in the cloud.

Silll, 57 percent of respondents said cloud services have made shadow IT more problematic.

A recent eSecurity Planet article looked at six questions to ask yourself about cloud security.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles