Companies still struggling with security of data in the cloud

Written by on August 1, 2016 in Guest Blog with 0 Comments

He is up in the cloudsA new study finds that although cloud-based resources are becoming more important to companies, they are still struggling with cloud security. Despite the continued importance of cloud computing resources to organizations, companies are not adopting appropriate governance and cloud security measures to protect sensitive data in the cloud. These are just a few findings of a Ponemon Institute study titled “The 2016 Global Cloud Data Security Study,” commissioned by Gemalto. The study surveyed more than 3,400 IT and IT security practitioners worldwide to gain a better understanding of key trends in data governance and security practices for cloud-based services.

According to 73 per cent of respondents, cloud-based services and platforms are considered important to their organization’s operations and 81 per cent said they will be more so over the next two years.

In fact, 36 per cent of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that they expected this to increase to forty-five percent over the next two years.

Although cloud-based resources are becoming more important to companies’ IT operations and business strategies, 54 per cent of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments.

Companies are also still relying on passwords to secure user access to cloud services. Sixty-seven percent of respondents said the management of user identities is more difficult in the cloud than on-premises. However, organizations are not adopting measures that are easy to implement and could increase cloud security.

Just over half of companies – 55% — are using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because fifty-eight percent of respondents say their organizations have third-party users accessing their data and information in the cloud.

Shadow IT and Cloud Security

Some cloud applications have a very simple enrollment process, which makes it easy for employees to sign up for the service without involving the IT department.

Shadow IT is what occurs when employees adopt cloud applications without approval or involvement from their IT department. It can be difficult to know what cloud applications have risk or threat exposures. If companies don’t provide a way for employees to understand what applications are allowed, shadow IT will continue.

The report says cloud security is stormy because of shadow IT according to respondents, nearly half (49 percent) of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department. However, confidence in knowing all cloud computing services in use is increasing. Fifty-four percent of respondents are confident that the IT organization knows all cloud computing applications, platform or infrastructure services in use – a nine percent increase from 2014.

More on CSO.

This article was first published on cybersec.buzz

Tags: , ,

About the Author

About the Author: Jonathon has been lurking around the Telecoms and Internet space for the last 20 years. He is now a man on a mission – that being the reformation of the Industry Analyst business. He is working with his co-conspirators on transforming the Industry Analyst world forever as an Expert with EMI. .

Subscribe

If you enjoyed this article, subscribe now to receive more just like it.

Subscribe via RSS Feed

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Top
%d bloggers like this: