Businesses comfy with cloud but at what cost?
A Ponemon study of 4,000 users worldwide reveals that organisations are now putting more sensitive data in the cloud
There may be still be factors giving users pause about putting their data in the cloud, but it appears security of even the most common-sense variety is no longer among them.
In a stunning display of imprudence, a growing number of organisations around the world -- as revealed in a new large-scale global survey from the Ponemon Institute -- are pushing sensitive or confidential data into the cloud.
And they're doing so with few accompanying protections, and a full awareness that such practices damage their overall security posture.
It's a radical reversal of the days of the cloud "scare factor" when concerns about data security, integrity and availability kept many businesses on the cloud computing sidelines.
"Staying in control of sensitive or confidential data is paramount for most organisations today and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud," said Larry Ponemon, chairman and founder of the Ponemon Institute, which conducted the global study of more than 4,000 organisations.
"Many organisations continue to believe that their cloud providers are solely responsible for protecting their sensitive data even though the majority of respondents claim not to know what specific security measures their cloud provider is taking."
Ponemon called it "encouraging" that relaxed attitudes about the cloud are boosting adoption rates. More than half of respondents said they transfer critical data to the cloud; only 11 per cent had no cloud plans, down from 19 per cent two years ago.
But the researcher added that the optimistic mindset comes at a cost. More than a third of those surveyed (34 per cent) were moving data to the cloud despite their sense that it was having a negative effect on their security posture. Only about 17 per cent felt the cloud actually improved organisational security.
In SaaS environments, more than half of respondents said the cloud provider should be primarily responsible for security, even though half of those SaaS users had no knowledge of what their providers were doing to secure sensitive data.
By contrast, nearly half of IaaS and PaaS users view security as a shared responsibility between the user and the cloud service provider.
Organisations seem to be slowly getting a handle on the cloud security problem, with 39 per cent of SaaS users saying their cloud data is encrypted, up from just 32 per cent in 2011.
Still more than half of respondents say their sensitive and confidential information sits in the in the clear and is easily readable when stored in the cloud.
For those who are using encryption in the cloud, about a third manage their own encryption keys, but that their own organisation is in control of encryption keys when data is encrypted in the cloud. However, a notable 18 per cent say their cloud service provider has full control over keys.
"Encryption is the most widely proven method to secure sensitive data in the enterprise and in the cloud, and yet more than half of respondents report that sensitive data in the cloud goes unprotected," said Richard Moulds, vice president of strategy at Thales e-Security, which sponsored the Ponemon survey.
"Those that are using encryption have adopted a variety of deployment strategies but once again a universal pain point is key management.
"Very often, the way that keys are managed makes all the difference, with poor implementations dramatically reducing effectiveness and driving up costs."
For more US-focused channel coverage, see www.channelnomics.com