A majority of IT organizations are kept in the dark when it comes to protecting corporate data in the cloud, putting confidential and sensitive information at risk. This is just one of the findings of a recent Ponemon Institute study commissioned by SafeNet, Inc., a global leader in data protection. The study, titled “The Challenges of Cloud Information Governance: A Global Data Security Study,” surveyed more than 1800 IT and IT security professionals worldwide.
Among the key findings, the research indicates that while organizations are increasingly using cloud computing resources, IT staff is having trouble controlling the management and security of data in the cloud. The survey found that only 38 % of organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud. Adding to the confusion, 44% of corporate data stored in cloud environments is not managed or controlled by the IT department. And more than two-thirds (71%) of respondents say it is more difficult to protect sensitive data in the cloud using conventional security practices.
“The findings reveal that global organizations are struggling to secure data in the cloud due to the lack of critical governance and security practices in place,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication.”
In terms of what companies are actually doing to secure data in the cloud, 43 % of respondents say their organization is using private data network connectivity. Nearly two-fifths, or 39 %, of respondents say their organizations use encryption, tokenization or other cryptographic tools to protect data in the cloud. Thirty-three percent say they don’t know what security solutions they use and 29 % say they use premium security services provided by their cloud provider.
Respondents also noted that the management of their encryption keys is important to securing data in the cloud, given the increasing number of key management and encryption platforms their companies use. Fifty-four percent of respondents say their organization controls the encryption keys when data is stored in the cloud. However, 45% say they store their encryption keys in the software where they store their data while 27 % say they store their keys in more secure environments such as hardware devices.
Regarding access to data in the cloud, 68% of respondents also say that the management of user identities is more difficult in the cloud, and 62% of respondents say their organizations have third parties accessing the cloud. Nearly half (46%) say their company uses multi-factor authentication to secure third-party access to data in the cloud environment. About the same percentage (48%) of respondents say their organizations use multi-factor authentication for employees’ access to the cloud.