Less than half of the companies are careful when it comes to sharing data on cloud, nearly half of cloud services are not taken care by IT department. Lack of proper encryption and proactive approach keep on paving way for breaches.
Although cloud-based resources are becoming more important to companies' IT operations and business strategies, 54% of respondents in ‘The 2016 Global Cloud Data Security’ survey by Gemalto said that their companies do NOT have proactive approach to managing security and are complying with privacy and data protection regulations in cloud environments. This is despite the fact that 65% of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud. Furthermore, 56% said that their organisation is NOT careful about sharing sensitive information in the cloud with third parties, such as business partners, contractors and vendors.
Cloud security is stormy because of shadow IT
Nearly half of cloud services (49%) are deployed by departments other than corporate IT and an average of 47% of corporate data stored in cloud environments is NOT managed or controlled by the IT department. However, confidence in knowing all cloud computing services in use is increasing. More than half of respondents (54%) are confident that the IT organization knows all cloud computing applications, platform or infrastructure services in use – a 9% increase from 2014.
Conventional security practices do not apply in the cloud
In 2014, 60% of respondents felt it was more difficult to protect confidential or sensitive information when using cloud services. This year, 54% said the same. Difficulty in controlling or restricting end-user access increased from 48% in 2014 to 53% in 2016. The other major challenges that make security difficult include the inability to apply conventional information security in cloud environments (70% of respondents) and the inability to directly inspect cloud providers for security compliance (69%).
More customer information is being stored in the cloud and that data is considered the most at risk
According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud. Since 2014, the storage of customer information in the cloud has increased the most, from 53% in 2014 to 62%. More than half (53%) of the respondents considered customer information the data most at risk in the cloud.
Security departments left in the dark when it comes to buying cloud services
Only 21% said in the survey that the members of the security team are involved in the decision-making process about using certain cloud application or platforms. The majority of respondents (64%) said that their organizations do not have a policy that requires use of security safeguards, such as encryption, as a condition to using certain cloud computing applications.
Encryption is important but not yet pervasive in the cloud
A majority of respondents (72%) said the ability to encrypt or tokenize sensitive or confidential data is important, with 86% saying it will become more important over the next two years, up from 79% in 2014. While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular type of cloud-based service, only 34% of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.
Many companies still rely on passwords to secure user access to cloud services
Management of user identities is more difficult in the cloud than on-premises for 67% of respondents. However, organizations are not adopting measures that are easy to implement and could increase cloud security. About half (45%) of companies are not using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because 85% of respondents say their organizations have third-party users accessing their data and information in the cloud.