Organisations struggling with sensitive cloud data as they shun security-first approach

Corporate data may be reaching a tipping point in the cloud – but security policies are yet to follow it.

That is the key finding from a new report by security provider Thales. The study, which was put together by the Ponemon Institute and which polled more than 3,000 IT and IT security practitioners across eight countries, found that while almost half (48%) of corporate data was in the cloud, less than a third (32%) of companies had a ‘security-first approach’ to data storage in the cloud.

The rise of multi-cloud continues apace, with almost half (48%) of those polled having such a system. Amazon Web Services (AWS), Microsoft Azure and IBM were the most popular vendors among respondents. More than a quarter (28%) said they were using at least four cloud providers. Yet this leads to confusion, the report noted.

“With businesses increasingly looking to use multiple cloud platforms and providers, it’s vital they understand what data is being stored and where,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “Not knowing this information makes it essentially impossible to protect the most sensitive data – ultimately leaving these organisations at risk.”

In one of the more peculiar questions, respondents were asked who bore the most responsibility for sensitive data in the cloud. The answers were almost entirely split down the middle; 35% believed it was on the providers, 31% said it was their responsibility, with 33% preferring a shared responsibility model.

For almost all cases, responsibility for cloud security is shared between the vendor and the customer; the vendor will look after the infrastructure while the customer looks after applications. Oracle, meanwhile, wants to eradicate the shared responsibility model with what it calls its autonomous next-generation cloud, eliminating human error of all kinds.

There were various other survey findings: more businesses (54%) now believe that cloud storage makes it more difficult to protect sensitive data, while more than two thirds (67%) believe conventional security methods are difficult to apply when it comes to cloud-based data.

“We’d encourage all companies to take responsibility for understanding where their data sits to ensure it’s safe and secure,” added Ponemon. in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more.