Study: Many companies consider their cloud data sensitive

22 août 2012

Fifty percent of companies concerned with cloud computing data security believe that their virtually stored information is "sensitive", a recent study shows.

According to CloudTimes, Ponemon Institute research showed that a number of companies felt that they were adopting best practices regarding data encryption, but that just over half of those surveyed were already transferring confidential information into the cloud. Sixty-four percent of respondents believe that service providers are responsible for data security in the cloud, but 66 percent admitted that they didn't know what these providers were actually doing to protect their data.

Thirty-three percent of respondents revealed that they were considering sending sensitive data into the cloud, while 39 percent have already lowered their internal web security requirements to allow data to be transmitted, which the authors of the study believed was due to economic necessity rather than any concerns over secure data transmission.

The study, commissioned by Thales, involved 4,000 global IT professionals and business leaders from the U.S., Europe, Australia, Brazil and Japan, and, in the opinion of the surveyors, it provided an "interesting perspective on the perception of cloud and security by companies from different countries."

A sobering thought
"It’s a rather sobering thought that nearly half of respondents say that their organization already transfers sensitive or confidential data to the cloud even though 39 percent admit that their security posture has been reduced as a result," said Larry Ponemon, chairman and founder of the Ponemon Institute.

Encryption of data was also a concern, with respondents split as to who should be responsible for ensuring that information was secure. Thirty-six percent stated that their organization should be in control of encryption keys while 22 percent felt that the cloud provider should manage the process. The survey also found that companies with a high level of security requirements are more likely to use the cloud when "working with sensitive data."

"For any organization that is still weighing the advantages of using cloud computing with the potential security risks of doing so, it is important to know that encryption is one of the most valuable tools for protecting data," commented Richard Moulds, vice president of strategy at Thales e-Security. "Even if you allow your data to be encrypted in the cloud, it’s important to know you can still keep control of your keys. If you control the keys, you control the data."

-McAfee Cloud Security