Half of businesses lack proactive approach to cloud security

More than half of IT professionals are concerned about their companies' approaches to cloud security, according to a report.

A study by Gemalto and the Ponemon Institute has revealed that although organisations are keen on moving to the cloud, they are not taking an adequate approach to security.

73 per cent of those surveyed said cloud-based services and platforms are important to their firms' operations and 81 per cent expect this to increase over the next two years.

But 54 per cent said they do not think they have a proactive approach to managing security and complying with privacy and data protection regulations in the cloud, despite the fact that 65 per cent of businesses are committed to protecting sensitive data in the cloud.

And 56 per cent do not think their organisations are careful about sharing sensitive information in the cloud with third parties, including business partners and vendors.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,”  said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenisation or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”

The report suggested that shadow IT is the source of some of the problem, with 49 per cent of cloud services being deployed by departments other than corporate IT. 47 per cent of corporate data stored in the cloud is not managed or controlled by IT departments.

54 per cent of IT professionals said it is difficult to protect sensitive information when using cloud services, but 62 per cent said their businesses store customer information in the cloud.

“Organisations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.

“It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network.

“It is an issue that can only be solved with a data-centric approach in which IT organisations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely every day.”

r3lb