Lack of encryption for sensitive cloud data worrying for businesses, argues Gemalto


Though cloud-based resources are becoming increasingly important to companies’ IT operations and business strategies, only a third of sensitive cloudy data is encrypted, according to the latest research from digital security provider Gemalto.

The findings, conducted in association with the Ponemon Institute, found more than nine in 10 UK firms (92%) don’t encrypt more than three quarters of their sensitive data sent via the cloud, while almost four in 10 (39%) do not encrypt confidential data at all when it rests in the cloud.

Despite this the survey, which polled almost 3,500 IT and IT security professionals across five continents, argued that for almost three quarters (73%), cloud-based services were considered ‘important’ to their organisation’s operations. That number is expected to rise to 81% over the next two years. More than half (54%) of those polled however said that their organisations did not have a ‘proactive’ approach to managing cloud privacy and security.

“Organisations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments,” said Jason Hart, Gemalto VP and chief technology officer for data protection. “It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network.”

The report offered five key findings; beware shadow IT, remember that conventional security practices do not apply in the cloud, security departments are in the dark when buying cloud services, more customer information is being stored in the cloud, and encryption is important but not yet widely deployed. These findings echo a report released earlier this week by Fruition Partners, which also warned of shadow IT fears.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenisation or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”