IT Losing the Battle for Security in the Cloud

More than two-thirds of respondents to a Ponemon Institute survey say it's more difficult to protect sensitive data in the cloud using conventional security practices.

IT management and Ponemon

A majority of IT organizations are kept in the dark when it comes to protecting corporate data in the cloud, putting confidential and sensitive information at risk, according to a Ponemon Institute study commissioned by data security specialist SafeNet.

Nearly three-quarters (71 percent) of IT professionals confirmed that cloud computing is very important today, and more than three quarters (78 percent) believe it will be over the next two years.

The respondents also estimate that 33 percent of their organizations' total IT and data processing requirements are met with cloud resources today, and that is expected to increase to an average of 41 percent within two years.

However, 70 percent of respondents agree that it is more complex to manage privacy and data protection regulations in a cloud environment, and they also agree that the types of corporate data stored in the cloud—such as emails, and consumer, customer and payment information—are the types of data most at risk.

"Cloud security will get simpler as cloud providers build more security features and integration points for enhanced security from security vendors and partners," David Etue, vice president of corporate development strategy at SafeNet, told eWEEK. "This maturity will simplify cloud security, making it easier to deploy and manage. On the other hand, we are really at the beginning of the cloud journey for most enterprises."

More than two-thirds (71 percent) of respondents said it is more difficult to protect sensitive data in the cloud using conventional security practices, and nearly half (48 percent) say it's more difficult to control or restrict end-user access to cloud data.

As a result, more than one-third (34 percent) of IT professionals surveyed said their organizations already have a policy in place that requires the use of security safeguards such as encryption as a condition for using certain cloud computing resources.

The survey also revealed that 71 percent of respondents found the ability to encrypt or tokenize sensitive or confidential data important, and 79 percent said it will become more important over the next two years.

On average, half of all cloud services are deployed by departments other than corporate IT, and an average of 44 percent of corporate data stored in the cloud environment is not managed or controlled by the IT department.

Because of this, just 19 percent of respondents feel very confident that they know about all cloud computing applications, platforms or infrastructure services in use in their organizations today.

Along with this lack of control over the sourcing of cloud services, views on who is actually accountable for cloud data security are mixed, with 35 percent of respondents saying it is a shared responsibility between the cloud user and the cloud provider, while 33 percent say it is the responsibility of the cloud user and 32 percent say it is the responsibility of the cloud provider.

Regarding access to data in the cloud, 68 percent of respondents also say that the management of user identities is more difficult in the cloud, and 62 percent of respondents say their organizations have third parties accessing the cloud.

Nearly half (46 percent) say their company uses multifactor authentication to secure third-party access to data in the cloud environment.

About the same percentage (48 percent) of respondents say their organizations use multifactor authentication for employees' access to the cloud.