Cloud Risks Worry Firms, but Sensitive Data Still Cloud-Bound
Businesses aware of the threats to data are more likely to put their sensitive information in the cloud, a new study finds.More companies are moving their sensitive data into the cloud, although nearly half do not know how their cloud provider protects their data and more than a third believe that their security posture has suffered from using the cloud, according to a report published April 29. The report, based on survey data gathered by the Ponemon Institute and sponsored by cyber-security firm Thales, showed that 49 percent of companies do not know how their cloud provider secures customer data, a slight improvement from the 52 percent that were in the dark in 2012. A little more than a third, 35 percent, of companies had actually conducted the due diligence to discover how their data was protected. "Many companies thought the cloud provider was responsible for security, yet they know very little about what the cloud provider is doing to secure their data," Richard Moulds, vice president of strategy for Thales e-Security, told eWEEK. "If you choose to use the cloud, you need to know how your data is being secured." In its third year, the Ponemon Institute's Encryption in the Cloud report shows that companies are still trying to come to grips with securing their data stored in cloud services, said Moulds. Overall, the trends have been positive. More companies know their cloud providers' security methods (35 percent, up from 29 percent in 2011) and encrypt their data in the cloud (39 percent in 2013, compared with 32 percent in 2011).
Opinions continue to be split over who—the cloud provider or the cloud consumer—has responsibility for data in the cloud. For software-as-a-service (SaaS) offerings, 54 percent of cloud consumers argue that the cloud provider should be responsible, down from 60 percent in 2012. Companies that believed they should be responsible for data in SaaS offerings increased 3 percentage points to 24 percent in 2013, according to the report.