The rate at which companies are adopting Cloud is growing by leaps and bounds but sadly they are not taking the security with the seriousness that it deserves. This is according to a recent survey conducted by Ponemon Institute. The survey has shown that most businesses are not keen in adopting security and governance measures in order to protect their sensitive data based in the cloud. Over 73% of the survey respondents deemed that their organizations find the cloud-based platforms and services important and 81% hinted that there will be more in the coming two years. 36% of the total respondents stated that their companies’ need for data and IT processing were met through the available cloud resources. This number is expected to grow up to 45% in the coming two years.
Out of all the respondents interviewed, 54% of the total number confirmed that their companies did not have an approach that is proactive in as far as security and privacy of data is concerned. Most of them confirmed that their companies did not observe the required data and privacy protection regulations expected in cloud environments. Over half of the respondents confirmed that these companies were also not careful while sharing out information that is sensitive in nature with their vendors, contractors and business partners who are third parties.
Larry Ponemon, the chairman and also founder of the Ponemon Institute observed that the issue of cloud security remains to be a big challenge to most companies. This is especially the case where the company will be dealing with the complex regulations governing the protection of data and privacy. In order for companies to comply with these regulations, they ought to deploy technologies like tokenization, encryption as well as other available cryptographic solutions. These will secure the sensitive data that companies store or transfer in their cloud.
Companies face a number of challenges as first, it is difficult to control or restrict the end-user access which the number of respondents increased from 48% back in 2014 to 53% presently. There is also the inability for conventional information security to be applied on cloud environments according to 70% of all the respondents. 69% of the respondents also cited the difficulty in inspecting the security compliance of the cloud providers. The other issue is the fact that most of the corporate data stored in the cloud environment is not controlled or managed by the company’s IT department.
The survey noted that most companies embraced this cloud environment due to its flexibility and also lower costs but they struggle a lot in terms of controlling their data and compliance. The main reason why the compliance has been an issue is the fact that the approach to ensure data is protected is not the same as the one employed in the conventional networks. The sure way to solve this issue will be via a data-centric approach. This will allow IT companies to protect their corporate and customer information across all the services that are cloud-based departments and employees rely on daily.
The survey also derived some positives in that 65% of the total respondents stated that although their organizations had delayed in implementing the security measures, they were on course. It also seems the confidence of respondents in the protection of sensitive or confidential information on cloud services has rapidly increased. 60% of the respondents back in 2014 saw it as impossible but this year only 54% held that thought. The confidence in the knowledge of all cloud computing services and applications has also increased.