THE 2016 GLOBAL CLOUD DATA SECURITY STUDY

This research, conducted by the Ponemon Institute, surveyed 3,476 IT and IT security professionals in the United States, United Kingdom, Australia, Germany, France, Japan, Russian Federation, India and Brazil about the governance policies and security practices their organizations have in place to secure data in cloud environments.



Scroll

AS THE CLOUD’S POPULARITY GROWS,
SO DOES THE RISK TO SENSITIVE DATA

73%73% of IT professionals say cloud computing applications and platform solutions are very important or important to business operations today. This is expected to increase to 81% over the next two years.

  • Today
  • In Two Years
The Importance of Cloud Computing

36%IT professionals estimate that 36% of their organizations’ total IT and data processing needs are met by cloud resources. This is expected to increase to 45% over the next two years.

  • Today
  • In Two Years
IT and Data Processing needs that
are met by Cloud Resources

60%Yet, 60% say it is more difficult to protect confidential or sensitive information in the cloud.

0

Percent


The types of data companies are moving to the cloud is also the information that is most at risk. The storage of customer information in cloud environments has increased significantly from 53% of respondents in 2014 to 62% of respondents in 2016.

CONVENTIONAL SECURITY IS DIFFICULT
IN THE CLOUD

70%The vast majority of respondents say it is more difficult to protect sensitive data in cloud computing environments using conventional security.

0

Percent

Cloud Security

53%And nearly half say it is more difficult to control or restrict end user access to data in the cloud.

0

Percent

NO ONE IS IN CHARGE OF
PROTECTING DATA IN THE CLOUD

While views are mixed on who is responsible for protecting sensitive data in the cloud, there is a shift to the cloud user.




43%In addition, only 43% say their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.

IT SECURITY IS LEFT OUT OF
DECISIONS ABOUT CLOUD RESOURCES

Similar to the 2014 study findings, only 21% of respondents say members of the security team are involved always or most of the time in the selection of certain cloud applications or platforms.

CLOUD SECURITY IS STORMY
BECAUSE OF SHADOW IT

35%On average, 35% of all corporate data is stored in the cloud, up from 30% in 2014.

0

Percent

Cloud Security - Shadow IT

47%On average, 47% of corporate data stored in a cloud environment is not managed or controlled by the IT department, up from 44% in 2014.

0

Percent


Nearly half of IT professionals are not confident that they know all the cloud services used within their companies.


DATA SECURITY IN THE CLOUD
IS LACKING

65%

Although 65% of respondents say their organizations are committed to protecting confidential or sensitive data in the cloud . . .

54%

54% say cloud services make it more difficult to protect confidential or sensitive information.

56%

56% do not agree their organization is careful about sharing sensitive information with third parties in the cloud environment.

40%

Only 40% of respondents say their organizations have a policy that requires use of security safeguards such as encryption as a condition to using certain cloud computing resources.

COMPLIANCE IN THE CLOUD
IS CHALLENGING

62%

62% say the use of cloud resources increases their compliance risk.

73%

And 73% say it is more complex to manage privacy and data protection regulations in cloud environments than on premises.

54%

Yet, 54% do not agree their organizations have a proactive approach to managing compliance with privacy and data protection regulations in cloud environments.

ENCRYPTION & KEY MANAGEMENT
ARE GROWING IN IMPORTANCE ...

72%72% of respondents say the ability to encrypt data is important, and 86% say it will become more important over the next two years.

  • Today
  • In Two Years
The Importance of Data Encryption

12On average organizations have 12 applications that require encryption.

0

Applications

7On average organizations have seven key management systems or encryption platforms.

0

Systems


... BUT ARE NOT WIDELY IMPLEMENTED

42%Only 42% actually use encryption to secure sensitive data in the cloud.

55%And only 55% of IT professionals say their organization controls the keys when data is encrypted in the cloud.

But companies are putting their encrypted data at risk because they do not centrally secure and store their encryption keys.

CLOUD COMPLICATES
USER ACCESS CONTROLS

67%67% of respondents say the management of user identities is more difficult in the cloud.

0

Percent

Cloud Security - User Identities

58%58% say their organizations have third parties accessing data in the cloud. Only 51% say their organization uses multi-factor authentication to ensure secure access to data in the cloud.

0

Percent


Only half of IT professionals say their organizations use multi-factor authentication for employee access to the cloud.


The findings reveal that global organizations are failing to secure data in the cloud due to the lack of critical governance and security practices in place.

Key Recommendations for
Data Security in the Cloud

Organizations should educate employees on security, set comprehensive policies for data governance and compliance, create guidelines for the sourcing of cloud services, such as including IT security in the process, and establish rules for securely storing data in the cloud.

Companies can increase security, maintain control of sensitive data, and improve compliance with regulatory mandates in the cloud by enabling IT departments to centrally manage data protection solutions across the organization.

As companies store more sensitive data in the cloud and deploy more cloud-based services, IT organizations need to place greater emphasis on stronger data protection measures. This includes encrypting or tokenizing sensitive data, maintaining control and ownership of encryption keys, storing keys securely in hardware and separately from encrypted data, and applying strong multi-factor authentication to control access to cloud-based business applications.

PROFILE OF RESPONDENTS

Download Report


Download the full Gemalto 2016 Global Cloud Data Security Report, including key findings by country.

facebook twitter linkedin google plus email share