Report: Companies take different approaches to cloud security

8 août 2012

The growing demand for remote working capabilities, mobility and next-generation solutions in the private sector is driving the use of cloud computing within businesses around the world. Meanwhile, as cloud technologies continue to mature and evolve, decision-makers are gaining confidence in the hosted service's ability to manage and protect a wide range of mission-critical assets. This was confirmed in a new Ponemon Institute study that polled more than 4,000 business and IT managers across the globe.

The survey found that roughly 82 percent of respondents are in the process of migrating, or are planning to move mission-critical records to cloud-based environments.

"It's a rather sobering thought that nearly half of respondents say that their organization already transfers sensitive or confidential data to the cloud, even though 39 percent admit that their security posture has been reduced as a result," Ponemon Institute chairman and founder Larry Ponemon said. "This clearly demonstrates that for many organizations, the economic benefits of using the cloud outweigh the security concerns."

Cloud security practices are all over the place
The survey revealed that cloud security perceptions are disorganized throughout the private sector. While 64 percent of respondents who are currently migrating confidential tools to the cloud said it is the service provider's responsibility to ensure the safekeeping of sensitive resources, roughly the same number said they have no way of knowing what the vendor is doing to actually protect mission-critical data. This is largely due to a lack of visibility into the network.

"Staying in control of sensitive or confidential data is paramount for most companies today," security expert Richard Moulds said.

Encryption is the key to ensuring confidential information is protected, the report said. This was echoed by expert David Rockvam, in an interview with Bank Info Security. Rockvam asserted that companies migrating to the cloud should implement robust authentication and encryption tools to ensure that any confidential data is protected and not misused by anyone who doesn't have the appropriate credentials.

"How you get there is going to be really important," Rockvam told Bank Info Security.

Similar to overall data protection perceptions, however, companies often vary in how they deploy encryption. The Ponemon Institute reported that roughly half of business and IT decision-makers encrypt data before it is moved to the cloud. The remaining executives rely on the service provider to apply encryption to their sensitive information once it is in the cloud.

"For any organization that is still weighing the advantages of using cloud computing with the potential security risks of doing so, it is important to know that encryption is one of the most valuable tools for protecting data," Moulds said. "However, just as with any type of encryption, it only delivers meaningful value if deployed correctly and with encryption keys that are managed appropriately."

The survey revealed that approximately 36 percent of respondents said the business is in charge of handling encryption keys, while another 22 percent said the vendor is responsible for managing keys.

The report went on to say that controlling encryption keys ultimately means having command over the information. As more organizations migrate to the cloud and continue to fall victim to data breaches, it will become increasingly important that IT executives deploy the appropriate security tools to keep sensitive records away from malicious individuals, whether they exist in or outside the company. In doing so, companies will be able to experience the benefits of the cloud without exposing confidential data.

-McAfee Cloud Security