THE CHALLENGES OF CLOUD INFORMATION GOVERNANCE:
A GLOBAL DATA SECURITY STUDY

This research conducted by the Ponemon Institute surveyed 1,864 IT and IT security professionals in the US, UK, EU, and Asia Pacific about the governance policies and security practices their organizations have in place to protect data in the cloud.





Scroll

AS THE CLOUD’S POPULARITY GROWS,
SO DOES THE RISK TO SENSITIVE DATA

71%71% of IT professionals say cloud computing is very important today, and this will increase to 78% over the next two years.

  • Today
  • In Two Years
The Importance of Cloud Computing

33%IT professionals estimate that 33% of their organizations’ total IT and data processing needs are met by cloud resources. This is expected to increase to 41% over next two years.

  • Today
  • In Two Years
IT and Data Processing needs that
are met by Cloud Resources

70%Yet, 70% say it is more important to protect sensitive information in a cloud environment.

0

Percent


Also, the types of corporate data stored in the cloud is also the data most at risk.

  • 70%
  • 60%
  • 50%
  • 40%
  • 30%
  • 20%
  • 10%
  • 0%
  • Customer Information
  • Email
  • Consumer Data
  • Payment Information
  Data Stored in the Cloud       Corporate Data that Represents the Greatest Security Risk
(more than one response permitted)



CONVENTIONAL SECURITY IS DIFFICULT
IN THE CLOUD

71%The vast majority of respondents say it is more difficult to protect sensitive data in cloud computing environments using conventional security.

0

Percent

Cloud Security

48%And nearly half say it is more difficult to control or restrict end user access to data in the cloud.

0

Percent

NO ONE IS IN CHARGE OF
PROTECTING DATA IN THE CLOUD

Views are mixed on who is actually responsible for protecting sensitive data in the cloud.

  • 50%
  • 40%
  • 30%
  • 20%
  • 10%
  • 0%
  • Shared Responsibility
  • The Cloud User
  • The Cloud Provider
Who is Responsible For Protecting Sensitive Data Stored in the Cloud



38%In addition, only 38% say their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.

IT SECURITY IS LEFT OUT OF
DECISIONS ABOUT CLOUD RESOURCES

Only one-fifth of respondents say that members of the security team are involved in the decision marketing process about cloud resources.

  • 50%
  • 40%
  • 30%
  • 20%
  • 10%
  • 0%
  • Always
  • Most of the Time
  • Some of the Time
  • Rarely
  • Never
IT Security is Involved in Decisions about Cloud Resources

CLOUD SECURITY IS STORMY
BECAUSE OF SHADOW IT

30%On average, 30% of all corporate data is stored in the cloud.

0

Percent

Cloud Security - Shadow IT

44%On average, 44% of corporate data stored in a cloud environment is not managed or controlled by the IT department.

0

Percent


A majority of IT professionals are not confident that they know all the cloud services used within their companies.

  • 70%
  • 60%
  • 50%
  • 40%
  • 30%
  • 20%
  • 10%
  • 0%
  • Very Confident
  • Confident
  • Not Confident
How Confident are you that IT Knows all the Cloud Computing Services in Use Today?




DATA SECURITY IN THE CLOUD
IS LACKING

62%

Although 62% of respondents say their organizations are committed to protecting confidential or sensitive data in the cloud . . .

57%

57% say their organizations are not proactive in managing compliance with privacy and data protection regulations in the cloud environment.

57%

57% do not agree their organization is careful about sharing sensitive information with third parties in the cloud environment.

34%

Only 34% of respondents say their organizations have a policy that requires use of security safeguards such as encryption as a condition to using certain cloud computing resources.

ENCRYPTION IS GROWING IN IMPORTANCE ...

71%71% of respondents say the ability to encrypt data is important, and 79% say it will become more important over the next two years.

  • Today
  • In Two Years
The Importance of Data Encryption

11On average organizations have 11 applications that require encryption.

0

Applications

7On average organizations have seven key management systems or encryption platforms.

0

Systems


... BUT IS NOT WIDELY IMPLEMENTED

33%Only about one-third actually use encryption to secure sensitive data in the cloud.

0

Percent

And companies are putting their encrypted data at risk because they do not centrally secure and store their encryption keys.

  • 50%
  • 40%
  • 30%
  • 20%
  • 10%
  • 0%
  • Software
  • Hardware
  • Combination
  • Unsure
Where Encryption Keys Are Stored

CLOUD COMPLICATES
USER ACCESS CONTROLS

68%68% of respondents say the management of user identities is more difficult in the cloud.

0

Percent

Cloud Security - User Identities

62%62% say their organizations have third parties accessing data in the cloud.

0

Percent


Nearly half of organizations do not use multi-factor authentication to secure access to data in the cloud.

  • 70%
  • 60%
  • 50%
  • 40%
  • 30%
  • 20%
  • 10%
  • 0%
  • Yes
  • No
  • Unsure
Use of Multi-Factor Authentication for Third-Party Access

  Employ Multi-Factor Authentication to Secure Access to Data in the Cloud Environment
  Deploy Multi-Factor Authentication for Internal Employees' Access to Data in the Cloud Environment




The findings reveal that global organizations are failing to secure data in the cloud due to the lack of critical governance and security practices in place.

Key Recommendations for
Data Security in the Cloud

The role of IT organizations is changing and they need to adapt to the new realities of Cloud IT by educating employees on security, setting comprehensive policies for data governance and compliance, creating guidelines for the sourcing of cloud services, and establishing rules for what data can and cannot be stored in the cloud.

IT organizations can accomplish their mission to protect corporate data while being an enabler of “Shadow IT” by implementing data security measures such as “encryption-as-a-service” that allow them to manage the protection data in the cloud in a centralized fashion as their internal organizations source cloud-based services as needed.

As companies store more data in the cloud and utilize more cloud-based services for their employees, IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication. This is even more important for companies that give third-parties and vendors to access their data in cloud. Multi-factor authentication solutions can be managed centrally to provide more secure access to all applications and data whether in the cloud or on-premises.

PROFILE OF RESPONDENTS

Download Report


Download the
SafeNet Cloud Governance Study Full Report
and its findings