The Schwartz Cloud Report

Blog archive

Cloud Full of Sensitive and Confidential Data

Security concerns might be the number one inhibitor to using public cloud services yet the horses may have already left the barn.

A global survey of 4,000 IT managers and executives found nearly half, or 49 percent, already use cloud services to store sensitive or confidential information and another 33 percent plan to do so over the next two years. Only 19 percent said they don't, according to the survey, conducted by security and privacy research consultancy the Ponemon Institute and commissioned by Thales, an IT security and encryption software and services firm.

The findings piqued my attention given public cloud services are a non-starter for many large organizations, especially those with regulatory or compliance restrictions. However the Ponemon study canvassed enterprises of all sizes including small and mid-sized organizations, explained Ponemon institute chairman and founder Larry Ponemon.

I pointed Poneman the findings by the Open Data Center Alliance (ODCA), in which 40 percent of its membership said security was the key barrier to using public cloud services. "Even organizations that say security is an inhibitor, still seem to be using cloud services," Ponemon remarked.

The findings also showed that 44 percent believe cloud providers are responsible for protecting data in the cloud, while 30 percent felt it was their own responsibility and 24 percent reported it should be shared.

"Like anything else, you need to be careful in selecting your business partners," Poneman said. "A public cloud provider is a business partner and the fact they have access to your data, and possibly confidential and sensitive information is a big deal, and organizations need to see the cloud as a place that can be very insecure and the source of data breaches and security exploits. Not all cloud providers are the same."

When asked about the impact of cloud services on an organization's security posture, 44 percent said it had no change and 39 percent said it decreased. Only 10 percent said it increased, while 7 percent were unsure.

Only a small percentage, 11 percent, said their cloud provider encrypts data for them, while the rest assume responsibility for encryption. Of those 38, percent encrypt data in transit, 35 percent do so before it is transferred to a cloud provider and 16 percent use encryption selectively at the application layer within a cloud environment.

Thirty six percent of those using encryption handle key management within their organizations, while 22 percent rely on a third party other than the cloud provider. Another 22 percent let the cloud provider manage the keys and 18 percent said it was a combination.

Posted by Jeffrey Schwartz on 08/28/2012 at 1:14 PM


Featured

  • Microsoft Endpoint Manager Improvements Highlighted at Ignite

    Improvements in the Microsoft Endpoint Manager (MEM) management solution were part of Tuesday's Microsoft Ignite online event.

  • Green City Illustration

    Microsoft Ignite 2020 Reaction, Part 1: A New Normal for Tech Conferences

    Something about Satya Nadella's opening keynote makes Brien wonder if Microsoft thinks we'd all be better off doing everything -- including conferences like Ignite -- remotely, even after the pandemic is over.

  • Microsoft Ignite: Azure Advances Across Five Frontiers

    To kick off the Microsoft Ignite virtual conference, CEO Satya Nadella made a bold claim about the public cloud with the second-largest market share behind Amazon.

  • Microsoft Buying Games Maker ZeniMax Media for $7.5 Billion

    Microsoft is buying ZeniMax Media, parent company of Bethesda Softworks and other game-maker affiliates, for $7.5 billion in cash.

comments powered by Disqus