Ponemon: UK businesses unable to grasp cloud risk
Survey reveals UK firms are unable to assess the risk to 58 per cent of their own confidential data stored in the cloud
Less than half the UK firms questioned in a recent survey have a common process in place for discovering and classifying sensitive data on premise, and just 25 per cent have a process in place for cloud-based data.
This is according to research by the Ponemon Institute, which questioned 118 UK IT and IT security professionals to determine how secure their on-premise and cloud-based data really was.
The research also revealed that 55 per cent of those questioned listed not knowing where sensitive or confidential data was as one of their biggest concerns. In total, 54 per cent of respondents admitted they were not confident in their ability to proactively respond to a new threat in the cloud, and only 32 per cent have a common process for assessing the threats.
Ponemon estimated that 30 per cent of the sensitive or confidential data located in the cloud is believed to be at risk, with 28 per cent of on-premise data also classified as "at risk".
Larry Ponemon, founder of the Ponemon Institute, said: “The survey highlights that while organisations continue to fear cyber-attacks, what really keeps them up at night is the unknown. Namely, not knowing where data is and the associated risk to it.
“While businesses are more confident about having data on-premise, the shift towards cloud computing is continuing to accelerate and organisations cannot afford to be held back by data security concerns. Instead, security practitioners need to get a handle on the classification of data so they can feel more confident about the information that they are moving to the cloud. Regardless of whether information is held on-premise or in the cloud, data governance protocols should be the same.”
Amit Walia, senior vice president and general manager of data integration and security at Informatica – which commissioned the research as part of the annual 2015 State of Data Security Intelligence study – said: “The majority of organisations do not have a handle on their sensitive data, regardless of whether it exists on-premise or in the cloud. However, because businesses have less confidence in their understanding of sensitive data, they perceive more risk."