A recent survey of more than 1,800 IT and IT security professionals worldwide has found that 44 percent of corporate data stored in cloud environments is not managed or controlled by the IT department — and just 19 percent of respondents said they’re very confident that they know about all cloud computing applications, platforms or infrastructure services in use in their organizations today.
Only 38 percent of organizations have clearly defined roles and accountability for securing confidential or sensitive information in the cloud.
The study, conducted by the Ponemon Institute and commissioned by SafeNet, also found that while 78 percent of respondents said cloud computing will be very important over the next two years, 70 percent said it’s more complex to manage privacy and data protection regulations in a cloud environment.
“While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud,” SafeNet chief strategy officer Tsion Gonen said in a statement.
Sixty-eight percent of respondents said the management of user identities is more difficult in the cloud, and 62 percent said their organizations allow third parties to access the cloud.
Only 39 percent of respondents said their organizations use encryption, tokenization or other cryptographic tools to protect data in the cloud, while 33 percent said they don’t know what, if any, security solutions they use.
“The findings reveal that global organizations are stuggling to secure data in the cloud due to the lack of critical governance and security practices in place,” Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
“To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication,” Ponemon added.
Recent?eSecurity Planet articles have examined managed security services’ role in cloud security and identity and access management’s role in secure cloud collaboration.
The full Ponemon report, entitled “The Challenges of Cloud Information Governance: A Global Data Security Study,” is available here [PDF].