Ponemon: IT Is Losing the Cloud Security Battle

Written by Dan Kobialka 1
November 4, 2014

The Ponemon Institute and SafeNet have released a study that highlights the data security challenges that many IT departments face when they store sensitive information in the cloud. Here's a complete breakdown of the study results.

A new study from the Ponemon Institute and SafeNet revealed that when it comes to data security and the cloud, the majority of IT departments are “left in the dark.”

The study of more than 1,800 IT professionals, titled “The Challenges of Cloud Information Governance: A Global Data Security Study,” showed 71 percent of respondents said they believe it is more difficult to use conventional security practices to protect sensitive data in the cloud.

Instead, IT departments often rely on encryption and multi-factor authentication to safeguard their data in the cloud.

“While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud,” Tsion Gonen, SafeNet’s chief strategy officer, said in a prepared statement. “And as we’ve seen in 2014 with a raft of record-breaking data breaches, organizations are attacked frequently from different angles. In order to mitigate risk, there needs to be focused coordination and new approaches to securing data in the cloud, and IT needs to be at the center of this migration.”

Other study results included:

71 percent of respondents said that cloud computing is very important today, and 78 percent noted they believe the cloud will remain important over the next two years.
70 percent agreed that it is more complex to manage privacy and data protection regulations in the cloud, and the types of corporate data stored in the cloud, such as emails and consumer, customer and payment information, are the types of data most at risk.
48 percent of respondents said they believe it is more difficult to control or restrict end user access to cloud data.
44 percent of corporate data stored in the cloud is not managed or controlled by the IT department.
43 percent said their organizations are using private data network connectivity.
39 percent said their organizations use encryption, tokenization or other cryptographic tools to protect data in the cloud.
29 percent said they use premium security services from a cloud services provider (CSP).

“The findings reveal that global organizations are struggling to secure data in the cloud due to the lack of critical governance and security practices in place,” Ponemon Institute founder Dr. Larry Ponemon added. “To create a more secure cloud environment, organizations can begin with simple steps such as including IT security in establishing security policies and procedures, increasing visibility into the use of cloud applications, platforms and infrastructure and protecting data with encryption and stronger access controls such as multi-factor authentication.”

How are the cloud and data breaches connected?

Recent data indicates that while the number of cloud users is increasing, the number of data breaches is rising simultaneously.

A June 2014 Netskope and Ponemon Institute study of 613 IT professionals showed respondents estimated that for every 1 percent increase in the use of cloud services, there would be a 3 percent higher probability of a data breach.

Click here for Talkin’ Cloud’s Top 100 CSP list

Study researchers also found 69 percent of respondents said they believe that their organizations are not proactive in assessing information that is too sensitive to be stored in the cloud, and 62 percent said they believe the cloud services in use by their organizations are not thoroughly vetted for security before deployment.

SafeNet, meanwhile, offered the following recommendation for IT departments to effectively secure their data in the cloud:

“IT organizations need to place greater emphasis on stronger user access controls with multi-factor authentication. This is even more important for companies that give third parties and vendors access to their data in the cloud. Multi-factor authentication solutions can be managed centrally to provide more secure access to all applications and data whether in the cloud or on-premises.”

Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at dan.kobialka@penton.com.