Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Security Gets Mixed Grade in Survey

A survey of more than 4,000 organizations around the globe gives a mix grade to data security in the cloud.

A survey of more than 4,000 organizations around the globe gives a mix grade to data security in the cloud.

According to new research from Ponemon Institute and Thales e-Security, some 35 percent of respondents say their use of the cloud has decreased their security posture, while 15 percent say it has increased it. The greatest sense of improvement was seen in the UK and Brazil.

Just who has the most responsibility for security is a source of debate in the study. More than 60 percent of those whose organizations currently transfer sensitive or confidential data to the cloud believe the cloud provider has the primary responsible for protecting data. Twenty-two percent say the cloud consumer is responsible – though the patter is reversed for users of an infrastructure-as-a-service (IaaS).

“Staying in control of sensitive or confidential data is paramount for most organizations today and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “In this, our second year of conducting this survey, we wanted to dig a little deeper and explore the difference in attitudes about the most common types of cloud services – IaaS, PaaS and SaaS.”

More than of the respondents said they don’t know what their cloud provider actually does to protect their data – a slight improvement over 2011, when 62 percent said they didn’t. Only 30 percent said they do. Those numbers echo another story released today from Cyber-Ark Software, which found that 56 percent of the nearly 1,000 C-level and IT executives surveyed were unaware of what their cloud providers were doing to secure privileged accounts.

Outside network level encryption tools such as SSL, globally the use of encryption to protect data before it goes to the cloud is 33 percent higher than the use of encryption within the cloud itself, according to the research. The use of encryption is a third more common in software-as-a-service offerings than any other service type.

Usually, the respondents said their own organization looked after their encryption keys, though this number declined to 29 percent in 2012 from 36 percent the year before.

“Encryption is the most widely proven and accepted method to secure sensitive data both within the enterprise and the cloud, but it’s no silver bullet,” said Richard Moulds, vice president strategy of Thales e-Security, in a statement. “Decisions still need to be taken over where encryption is performed and critically, who controls the keys. This is perhaps one of the reasons why new key management standards, such as the Key Management Interoperability Protocol (KMIP), have already attracted considerable interest, particularly in the context of cloud encryption.”

Advertisement. Scroll to continue reading.

“Overall, it’s very positive news that confidence in cloud security and in particular the use of encryption seems to be increasing,” he said. 

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

Software giant Atlassian has named David Cross as its new CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.