A new study penned by the Gemalto and Ponemon Institute shows that significant gaps are emerging between countries on attitudes towards data protection in the cloud
The study reveals regional disparities in adoption of cloud security: German businesses almost twice as likely to secure confidential or sensitive information in the cloud (61 percent) than British (35 percent), Brazilian (34 percent) and Japanese (31 percent) organisations.
Half of the global outfits believe that payment information (54 percent) and customer data (49 percent) is at risk in the cloud.
Over half (57 percent) think using the cloud increases compliance risk.
The report said that while the vast majority of global companies (95 percent) have adopted cloud services, there is a wide gap in the level of security precautions applied by firms in different markets. Organisations admitted that on average, only two-fifths (40 percent) of the data stored in the cloud is secured with encryption and key management solutions.
The findings organisations in the UK (35 percent), Brazil (34 percent) and Japan (31 percent) are less cautious than those in Germany (61 percent) when sharing sensitive and confidential information stored in the cloud with third parties. The study surveyed more than 3,200 IT and IT security practitioners worldwide to gain a better understanding of the key trends in data governance and security practices for cloud-based services.
Germany’s lead in cloud security extends to its application of controls such as encryption and tokenisation. The majority (61 percent) of German organisations revealed they secure sensitive or confidential information while being stored in the cloud environment, ahead of the US (51 percent) and Japan (50 percent). The level of security applied increases further still when data is sent and received by the business, rising to 67 percent for Germany, with Japan (62 percent) and India (61 percent) the next highest.
Crucially, however, over three quarters (77 percent) of organisations across the globe recognise the importance of having the ability to implement cryptologic solutions, such as encryption. This is only set to increase, with nine in 10 (91 percent) believing this capability will become more critical over the next two years – an increase from 86 percent last year.
Despite the growing adoption of cloud computing and the benefits that it brings, it seems that global organisations are still wary. Worryingly, half report that payment information (54 percent) and customer data (49 percent) are at risk when stored in the cloud. Over half (57 percent) of global organisations also believe that using the cloud makes them more likely to fall foul of privacy and data protection regulations, slightly down from 62 percent in 2016.
Due to this perceived risk, almost all (88 percent) believe that the new General Data Protection Regulation (GDPR), will require changes in cloud governance, with two in five (37 percent) stating it would require significant changes. As well as difficulty in meeting regulatory requirements, three-quarters of global respondents (75 percent) reported that it is more complicated to manage privacy and data protection regulations in a cloud environment than on-premise networks. France (97 percent) and the US (87 percent) finding this the most complex, just ahead of India (83 percent).
The study found that there is a gap in awareness within businesses about the services being used. Only a quarter (25 percent) of IT and IT security practitioners revealed they are very confident they know all the cloud services their business is using, with a third (31 percent) confident they know.
Gemalto Data Protection CTO Jason Hart said: “While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere. This may be down to nearly half believing the cloud makes it more difficult to protect data when the opposite is true.
“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security.
“However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”
