Company’s 2016 Global Cloud Data Security study found that management of privacy and data protection is more complex in the cloud than on-premises.
Nearly 75 percent of respondents to a new survey said that managing data protection and privacy regulations is more complex in the cloud, and only 43 percent said there were defined roles within their organizations for accountability and security of sensitive data.
The 2016 Global Cloud Data Security study, from digital security company Gemalta, was conducted in conjunction with Ponemon Institute LLC. The goal of the study is to understand trends in cloud governance and security. The organizations surveyed nearly 3,500 IT and IT security professionals in the U.S., UK, Australia, Germany, France, Japan, India, Brazil and Russia.
The report found that cloud usage will continue to increase in the next 24 months. Respondents said 36 percent of their businesses IT and data processing requirements are met through the cloud. They said they expect to increase to around 45 percent by 2018.
Approximately 54 percent of respondents are either very confident or confident that their IT organization has a well-rounded knowledge of all cloud applications, platforms and infrastructure in use. This is a 45 percent increase from the 2015 study. Along with this growth though, comes concerns about risk management.
Storage of customer data has increased from 53 percent in 2014 to 62 percent today. While 60 percent of respondents in the previous study reported having difficulty protecting that sensitive and often confidential data, that has fallen to 54 percent in this study, but the difficulty in controlling user end access has increased from 48 percent of respondents to 53 percent.
According to the survey, customer information, emails, consumer data, employee records and payment information are the types of data most often stored in the cloud.
Seventy-two percent of respondents said the ability to encrypt or tokenize sensitive or confidential data is important, with 86 percent saying it will become more important over the next two years. While the importance of encryption is growing, it is not yet widely deployed in the cloud. For example, for SaaS, the most popular type of cloud-based service, only 34 percent of respondents say their organization encrypts or tokenizes sensitive or confidential data directly within cloud-based applications.
“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”
Approximately 65 percent of respondents said they are fully committed to protecting sensitive data in the cloud, and 46 percent said they are being proactive in managing compliance with privacy and data protection regulations in the cloud. Roughly 44 percent said they are cautious about sharing customer data with third parties.
