Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Cloud Security Gets Mixed Grade in Survey

A survey of more than 4,000 organizations around the globe gives a mix grade to data security in the cloud.

A survey of more than 4,000 organizations around the globe gives a mix grade to data security in the cloud.

According to new research from Ponemon Institute and Thales e-Security, some 35 percent of respondents say their use of the cloud has decreased their security posture, while 15 percent say it has increased it. The greatest sense of improvement was seen in the UK and Brazil.

Just who has the most responsibility for security is a source of debate in the study. More than 60 percent of those whose organizations currently transfer sensitive or confidential data to the cloud believe the cloud provider has the primary responsible for protecting data. Twenty-two percent say the cloud consumer is responsible – though the patter is reversed for users of an infrastructure-as-a-service (IaaS).

“Staying in control of sensitive or confidential data is paramount for most organizations today and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud,” said Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement. “In this, our second year of conducting this survey, we wanted to dig a little deeper and explore the difference in attitudes about the most common types of cloud services – IaaS, PaaS and SaaS.”

More than of the respondents said they don’t know what their cloud provider actually does to protect their data – a slight improvement over 2011, when 62 percent said they didn’t. Only 30 percent said they do. Those numbers echo another story released today from Cyber-Ark Software, which found that 56 percent of the nearly 1,000 C-level and IT executives surveyed were unaware of what their cloud providers were doing to secure privileged accounts.

Outside network level encryption tools such as SSL, globally the use of encryption to protect data before it goes to the cloud is 33 percent higher than the use of encryption within the cloud itself, according to the research. The use of encryption is a third more common in software-as-a-service offerings than any other service type.

Usually, the respondents said their own organization looked after their encryption keys, though this number declined to 29 percent in 2012 from 36 percent the year before.

“Encryption is the most widely proven and accepted method to secure sensitive data both within the enterprise and the cloud, but it’s no silver bullet,” said Richard Moulds, vice president strategy of Thales e-Security, in a statement. “Decisions still need to be taken over where encryption is performed and critically, who controls the keys. This is perhaps one of the reasons why new key management standards, such as the Key Management Interoperability Protocol (KMIP), have already attracted considerable interest, particularly in the context of cloud encryption.”

“Overall, it’s very positive news that confidence in cloud security and in particular the use of encryption seems to be increasing,” he said. 

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cloud Security

Cloud Disaster Recovery - Ingredients for a Recipe that Saves Money and Offers a Safe, More Secure Situation with Greater Accessibility

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...