Cloud Full of Sensitive and Confidential Data
Security concerns might be the number one inhibitor to using public cloud services, yet the horses may have already left the barn.
A global survey of 4,000 IT managers and executives found nearly half, or 49 percent, already use cloud services to store sensitive or confidential information and another 33 percent plan to do so over the next two years. Only 19 percent said they don't, according to the survey, conducted by security and privacy research consultancy the Ponemon Institute and commissioned by Thales, an IT security and encryption software and services firm.
The findings piqued my attention given that public cloud services are a non-starter for many large organizations, especially those with regulatory or compliance restrictions. However, the Ponemon study canvassed enterprises of all sizes, including small and mid-sized organizations, explained Ponemon Institute chairman and founder Larry Ponemon.
I pointed Ponemon to the findings by the Open Data Center Alliance (ODCA), in which 40 percent of its membership said security was the key barrier to using public cloud services. "Even organizations that say security is an inhibitor still seem to be using cloud services," Ponemon remarked.
The findings also showed that 44 percent believe cloud providers are responsible for protecting data in the cloud, while 30 percent felt it was their own responsibility and 24 percent reported it should be shared.
"Like anything else, you need to be careful in selecting your business partners," Ponemon said. "A public cloud provider is a business partner and the fact they have access to your data, and possibly confidential and sensitive information, is a big deal, and organizations need to see the cloud as a place that can be very insecure and the source of data breaches and security exploits. Not all cloud providers are the same."
When asked about the impact of cloud services on an organization's security posture, 44 percent said it had no change and 39 percent said it decreased. Only 10 percent said it increased, while 7 percent were unsure.
Only a small percentage, 11 percent, said their cloud provider encrypts data for them, while the rest assume responsibility for encryption. Of those, 38 percent encrypt data in transit, 35 percent do so before it is transferred to a cloud provider and 16 percent use encryption selectively at the application layer within a cloud environment.
Thirty-six percent of those using encryption handle key management within their organizations, while 22 percent rely on a third party other than the cloud provider. Another 22 percent let the cloud provider manage the keys and 18 percent said it was a combination.
Posted by Jeffrey Schwartz on 08/28/2012 at 1:14 PM