While an overwhelming majority of global firms have adopted cloud services, there is still a wide gap in the level of security precautions applied by them, a survey has revealed. Almost half of Indian organizations say they are not likely to secure sensitive data in the cloud, according to the ‘2018 Global Cloud Data Security’ survey by global digital security firm Gemalto. Globally, organizations said only two-fifths of the data stored in the cloud is secured with encryption and key management solutions, it said. The survey said there is a gap in awareness within businesses about the services being used. Only a quarter (25 per cent) of IT and IT security practitioners revealed they are confident they know all the cloud services their business is using, with a third (31 per cent) confident they know.
The survey was conducted by the Ponemon Institute on behalf of Gemalto with 3,285 IT and IT security practitioners surveyed across the US (575), UK (405), Australia (244), Germany (492), France (293), Japan (424), India (497) and Brazil (355). It revealed that almost half (49 per cent) of Indian organizations are not likely to secure sensitive data in the cloud, reflecting limited trust in cloud governance and security practices.
Globally, it found that organizations in India (49 per cent), Australia (43 per cent) and Japan (31 per cent) are less cautious than those in Germany (61 per cent) when sharing sensitive and confidential information stored in the cloud with third parties. The majority (61 per cent) of German organizations revealed they secure sensitive or confidential information while being stored in the cloud environment, ahead of the US (51 per cent), India (49 per cent) and Japan (50 per cent).
More than half respondents said payment information (54 per cent) and customer data (49 per cent) are at risk when stored in the cloud. Over half (57 per cent) of global organizations also believe that using the cloud makes them more likely to fall foul of privacy and data protection regulations, slightly down from 62 per cent in 2016, it added.
Due to this perceived risk, almost all (88 per cent) believed that the new General Data Protection Regulation (GDPR) will require changes in cloud governance, with two in five stating it would require significant changes. Three-quarters of global respondents (75 per cent) also said it is more complex to manage privacy and data protection regulations in a cloud environment than on premise networks, with France (97 per cent) and the US (87 per cent) finding this the most complex, just ahead of India (83 per cent), it said.
“While it’s good to see some countries like Germany taking the issue of cloud security seriously, it’s worrying in rest of the world. This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true,” said Jason hart, CTO, Data Protection, Gemalto.