Close to 60 per cent of confidential cloud data can’t have risk levels assessed – research

UK IT professionals claim to be struggling with accurately assessing the risk of storing their confidential data in the cloud

UK IT professionals claim to be struggling with accurately assessing the risk of storing their confidential data in the cloud

Data from a recent Ponemon Institute survey commissioned by Informatica suggests UK enterprises are struggling to assess the risk associated with placing confidential data in the cloud, with respondents claiming they can’t determine the risk to 58 per cent of the confidential data they store in the cloud.

The problem seems particularly acute when it comes to cloud-based data specifically – enterprises said they faced the same challenge with 28 per cent of the sensitive information held on-premise.

The survey results, which include responses from 118 UK IT and IT security professionals with responsibility for data protection, hint at differences in the level of data management tool deployments for on-premise and cloud-based systems, which does seem to skew the results in terms of confidence in data risk allocation. About 46 per cent are using such tools for data on premise and 34 per cent for data in the cloud.

Still, less than half of respondents claimed to have common processes in place for discovering and classifying the sensitive or confidential data on-premise, and just a quarter said they have a process in place for data stored in the cloud.

About 54 per cent of respondents said they are not confident in their ability to proactively respond to a new threat in the cloud, and 30 per cent of the sensitive or confidential data located in the cloud is believed to be at risk according to respondents.

“The survey highlights that whilst organisations continue to fear cyberattacks, what really keeps them up at night is the unknown. Namely not knowing where data is and the associated risk to it,” said Larry Ponemon, chairman and founder, Ponemon Institute.

“Whilst businesses are more confident about having data on premise, the shift towards cloud computing is continuing to accelerate and organisations can’t afford to be held back by data security concerns. Instead, security practitioners need to get a handle on the classification of data so that they can feel more confident about the information that they are moving to the cloud. Regardless of whether information is held on premise or in the cloud, data governance protocols should be the same,” Ponemon said.

Informatica senior vice president and general manager, data integration and security Amit Walia said the results demonstrate the majority of organisations do not have a handle on their sensitive data, regardless of whether it exists on-premise or in the cloud.

He explained that as data volumes grow enterprises are leaning more on customised software and automated processes rather than manual processes to classify data risk and apply rules and policies, which is creating somewhat of a false perception when it comes to risk.

“Because businesses have less confidence in their understanding of sensitive data then they perceive more risk. To reduce threat exposure and improve breach resiliency, organisations need to invest in data centric security technologies, which enable businesses to enact the need-to-know data access policies that help limit the exposure of sensitive data,” Walia said.