Category Archives: Ponemon

Most data in the cloud is exposed says Thales/Ponemon study

Cloud securityA new study into encryption and key management suggests that nearly of all the companies in the world are planning to make a potentially fatal security mistake.

If the new global study is an accurate gauge of global trends, 84% of companies across the world are about to commit sensitive data to the cloud by 2018. However, only 37% of the same survey sample has an encryption plan or strategy.

With consultant PwC recently declaring that cloud computing is attracting the attention of the world’s cyber criminals and attracting a mini-boom in hacking attacks, the lack of data encryption could prove fatally negligent.

The Global Encryption Trends report, commissioned by Thales Security and conducted by IT security think-tank Ponemon, revealed that though the use of encryption is increasing, the security industry isn’t keeping pace with its criminal opponents. In the study Ponemon interviewed 5,009 individuals across multiple industry sectors in 11 of the world’s top economies, including the US, the UK, Germany, France, Brazil and Japan. If that survey is an accurate reflection of the global state of security of the cloud, there are some worrying trends, according to Thales.

While use of encryption is on the up, with nearly three times more organisations classifying themselves as extensive users in comparison with years ago, there is ‘still some way to go’, according to Thales. In 2005 a Thales study found that 16% of its global survey sample used encryption. By 2015 the proportion of encryption users had risen to 41%, of those surveyed. That still means that a minority of companies around the world are using a baseline level of cyber security, according to John Grimm, Senior Director at Thales e-Security. To make matters worse, in that time the cyber crime industry will have been far more agile and fast moving.

Other findings were that 40% of cloud data at rest is unprotected and 57% of companies don’t even know where their sensitive data resides. Sensitive data discovery ranked as the top challenge to planning and executing an encryption strategy, according to researchers.

Support for both cloud and on-premise deployment was rated the most important encryption solution and 58% of companies said they leave their cloud provider to be responsible for protecting sensitive data transferred in the cloud.