Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Security Gets Mixed Grade in Survey

A survey of more than 4,000 organizations around the globe gives a mix grade to data security in the cloud.

A survey of more than 4,000 organizations around the globe gives a mix grade to data security in the cloud.

According to new research from Ponemon Institute and Thales e-Security, some 35 percent of respondents say their use of the cloud has decreased their security posture, while 15 percent say it has increased it. The greatest sense of improvement was seen in the UK and Brazil.

Just who has the most responsibility for security is a source of debate in the study. More than 60 percent of those whose organizations currently transfer sensitive or confidential data to the cloud believe the cloud provider has the primary responsible for protecting data. Twenty-two percent say the cloud consumer is responsible – though the patter is reversed for users of an infrastructure-as-a-service (IaaS).

“Staying in control of sensitive or confidential data is paramount for most organizations today and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “In this, our second year of conducting this survey, we wanted to dig a little deeper and explore the difference in attitudes about the most common types of cloud services – IaaS, PaaS and SaaS.”

More than of the respondents said they don’t know what their cloud provider actually does to protect their data – a slight improvement over 2011, when 62 percent said they didn’t. Only 30 percent said they do. Those numbers echo another story released today from Cyber-Ark Software, which found that 56 percent of the nearly 1,000 C-level and IT executives surveyed were unaware of what their cloud providers were doing to secure privileged accounts.

Outside network level encryption tools such as SSL, globally the use of encryption to protect data before it goes to the cloud is 33 percent higher than the use of encryption within the cloud itself, according to the research. The use of encryption is a third more common in software-as-a-service offerings than any other service type.

Usually, the respondents said their own organization looked after their encryption keys, though this number declined to 29 percent in 2012 from 36 percent the year before.

“Encryption is the most widely proven and accepted method to secure sensitive data both within the enterprise and the cloud, but it’s no silver bullet,” said Richard Moulds, vice president strategy of Thales e-Security, in a statement. “Decisions still need to be taken over where encryption is performed and critically, who controls the keys. This is perhaps one of the reasons why new key management standards, such as the Key Management Interoperability Protocol (KMIP), have already attracted considerable interest, particularly in the context of cloud encryption.”

Advertisement. Scroll to continue reading.

“Overall, it’s very positive news that confidence in cloud security and in particular the use of encryption seems to be increasing,” he said. 

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.