73%73% of IT professionals say cloud computing applications and platform solutions are very important or important to business operations today. This is expected to increase to 81% over the next two years.
36%IT professionals estimate that 36% of their organizations’ total IT and data processing needs are met by cloud resources. This is expected to increase to 45% over the next two years.
60%Yet, 60% say it is more difficult to protect confidential or sensitive information in the cloud.
The types of data companies are moving to the cloud is also the information that is most at risk. The storage of customer information in cloud environments has increased significantly from 53% of respondents in 2014 to 62% of respondents in 2016.
70%The vast majority of respondents say it is more difficult to protect sensitive data in cloud computing environments using conventional security.
53%And nearly half say it is more difficult to control or restrict end user access to data in the cloud.
NO ONE IS IN CHARGE OF
PROTECTING DATA IN THE CLOUD
While views are mixed on who is responsible for protecting sensitive data in the cloud, there is a shift to the cloud user.
43%In addition, only 43% say their organizations have clearly defined roles and accountability for safeguarding confidential or sensitive information in the cloud.
Similar to the 2014 study findings, only 21% of respondents say members of the security team are involved always or most of the time in the selection of certain cloud applications or platforms.
35%On average, 35% of all corporate data is stored in the cloud, up from 30% in 2014.
47%On average, 47% of corporate data stored in a cloud environment is not managed or controlled by the IT department, up from 44% in 2014.
Nearly half of IT professionals are not confident that they know all the cloud services used within their companies.
54% say cloud services make it more difficult to protect confidential or sensitive information.
Only 40% of respondents say their organizations have a policy that requires use of security safeguards such as encryption as a condition to using certain cloud computing resources.
And 73% say it is more complex to manage privacy and data protection regulations in cloud environments than on premises.
72%72% of respondents say the ability to encrypt data is important, and 86% say it will become more important over the next two years.
12On average organizations have 12 applications that require encryption.
7On average organizations have seven key management systems or encryption platforms.
42%Only 42% actually use encryption to secure sensitive data in the cloud.
55%And only 55% of IT professionals say their organization controls the keys when data is encrypted in the cloud.
But companies are putting their encrypted data at risk because they do not centrally secure and store their encryption keys.
67%67% of respondents say the management of user identities is more difficult in the cloud.
58%58% say their organizations have third parties accessing data in the cloud. Only 51% say their organization uses multi-factor authentication to ensure secure access to data in the cloud.
Only half of IT professionals say their organizations use multi-factor authentication for employee access to the cloud.
Organizations should educate employees on security, set comprehensive policies for data governance and compliance, create guidelines for the sourcing of cloud services, such as including IT security in the process, and establish rules for securely storing data in the cloud.
Companies can increase security, maintain control of sensitive data, and improve compliance with regulatory mandates in the cloud by enabling IT departments to centrally manage data protection solutions across the organization.
As companies store more sensitive data in the cloud and deploy more cloud-based services, IT organizations need to place greater emphasis on stronger data protection measures. This includes encrypting or tokenizing sensitive data, maintaining control and ownership of encryption keys, storing keys securely in hardware and separately from encrypted data, and applying strong multi-factor authentication to control access to cloud-based business applications.
By Job Title