THE 2018 GLOBAL CLOUD DATA SECURITY STUDY

This research, conducted by the Ponemon Institute, surveyed 3,285 IT and IT security professionals in the United States, United Kingdom, Australia, Germany, France, Japan, India and Brazil who are familiar and involved in their company’s use of both public and private cloud resources.





Scroll

AS THE CLOUD’S POPULARITY GROWS,
SO DOES THE RISK TO SENSITIVE DATA

79%79% of IT professionals say cloud computing applications and platform solutions are very important or important to business operations today. This is expected to increase to 87% over the next two years.

  • Today
  • In Two Years
The Importance of Cloud Computing

39%IT professionals estimate that 39% of their organizations’ total IT and data processing needs are met by cloud resources. This is expected to increase to 51% over the next two years.

  • Today
  • In Two Years
IT and Data Processing needs that
are met by Cloud Resources

33%Despite the importance of cloud computing, one-third of respondents are unsure or do not agree that their organization is committed to protecting confidential or sensitive information in the cloud. Further, 57 percent do not believe their organization is careful about sharing that information with third parties.

  • Protecting
  • Sharing
Protecting and Sharing confidential or sensitive information in the Cloud

The impact of regulated data in the cloud such as payment and customer information continues to be most at risk. Because of the sensitivity of the data and the need to comply with privacy and data protection regulations, 54% of companies worry most about payment information and 49% about their customer information. This has been consistent over the past three years.

CONVENTIONAL SECURITY IS DIFFICULT
IN THE CLOUD

0

Percent

71%The vast majority of respondents say it is more difficult to protect sensitive data in cloud computing environments using conventional security.

Cloud Security
0

Percent

51%And more than half say it is more difficult to control or restrict end user access to data in the cloud.

WHO IS IN CHARGE OF
PROTECTING DATA IN THE CLOUD?

Respondents have mixed views on who should be most responsible for protecting sensitive or confidential data in the cloud. Fewer respondents say it is a shared responsibility, and the rest are evenly divided between responsibility resting with the cloud provider or cloud user.





46%In addition, only 46% say their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.

IT SECURITY IS LEFT OUT OF
DECISIONS ABOUT CLOUD RESOURCES

Similar to the 2016 study findings, only 21% of respondents say members of the security team are involved always or most of the time in the selection of certain cloud applications or platforms.

CLOUD SECURITY IS STORMY
BECAUSE OF SHADOW IT

0

Percent

43%On average, 43% of all corporate data is stored in the cloud, trending up from 35% in 2016 and 30% in 2015.

Cloud Security - Shadow IT
0

Percent

53%On average, 53% of corporate data stored in a cloud environment is not managed or controlled by the IT department, up from 44% in 2015, and 47% in 2016.


Nearly half of IT professionals are not confident that they know all the cloud services used within their companies.


DATA SECURITY IN THE CLOUD
IS LACKING

67%

Although 67% of respondents say their organizations are committed to protecting confidential or sensitive data in the cloud . . .

49%

49% say cloud services make it more difficult to protect confidential or sensitive information.

57%

57% do not agree their organization is careful about sharing sensitive information with third parties in the cloud environment.

46%

Only 46% of respondents say their organizations have a policy that requires use of security safeguards such as encryption as a condition to using certain cloud computing resources.

COMPLIANCE IN THE CLOUD
IS CHALLENGING

57%

57% say the use of cloud resources increases their compliance risk.

75%

And 75% say it is more complex to manage privacy and data protection regulations in cloud environments than on premises.

53%

Yet, 53% do not agree their organizations have a proactive approach to managing compliance with privacy and data protection regulations in cloud environments.

ENCRYPTION & KEY MANAGEMENT
ARE GROWING IN IMPORTANCE ...

77%77% of respondents say the ability to encrypt data is important, and 91% say it will become more important over the next two years.

  • Today
  • In Two Years
The Importance of Data Encryption

13On average organizations have 13 applications that require encryption.

0

Applications

9On average organizations have nine key management systems or encryption platforms.

0

Systems


... BUT ARE NOT WIDELY IMPLEMENTED

47%Only 47% actually use encryption to secure sensitive data in the cloud.

52%And only 52% of IT professionals say their organization controls the keys when data is encrypted in the cloud.

But companies are putting their encrypted data at risk because they do not centrally secure and store their encryption keys.

CLOUD COMPLICATES
USER ACCESS CONTROLS

0

Percent

67%67% of respondents say the management of user identities is more difficult in the cloud.

Cloud Security - User Identities
0

Percent

63%63% say their organizations have third parties accessing data in the cloud. Only 53% say their organization uses multi-factor authentication to ensure secure access to data in the cloud.


Only half of IT professionals say their organizations use multi-factor authentication for employee access to the cloud.


The findings reveal that global organizations are failing to secure data in the cloud due to the lack of critical governance and security practices in place.

Key Recommendations for
Data Security in the Cloud

Organizations should educate employees on security, set comprehensive policies for data governance and compliance, create guidelines for the sourcing of cloud services, such as including IT security in the process, and establish rules for securely storing data in the cloud.

Companies can increase security, maintain control of sensitive data, and improve compliance with regulatory mandates in the cloud by enabling IT departments to centrally manage data protection solutions across the organization.

As companies store more sensitive data in the cloud and deploy more cloud-based services, IT organizations need to place greater emphasis on stronger data protection measures. This includes encrypting or tokenizing sensitive data, maintaining control and ownership of encryption keys, storing keys securely in hardware and separately from encrypted data, and applying strong multi-factor authentication to control access to cloud-based business applications.

PROFILE OF RESPONDENTS

A sampling frame of 94,577 experienced IT and IT security practitioners located in the United States, United Kingdom, Australia, Germany, France, Japan, India and Brazil who are familiar and involved in their company's use of both public and private cloud resources were selected as participants in the research. Our final sample consisted of 3,285 surveys or a 3.5 percent response.

Download Resources

You can now download any of the Cloud Security Assets


Download Report Access Report

Now Available! The 2018 Global Cloud Data Security Report. Find out why data security in the cloud remains a challenge for companies worldwide.


Download Infographic

Download the Gemalto 2018 Global Cloud Data Security Infographic for a quick recap on the Cloud Security Race, some countries are further ahead than others when it comes to protecting data in the cloud.