In a stunning display of imprudence, a new large-scale global survey finds a growing number of organizations are pushing sensitive and/or confidential data into the cloud with few protections and a full awareness that such practices damage their overall security posture.
It’s a radical reversal of the days of the cloud “scare factor” when concerns about data security, integrity and availability kept many businesses on the cloud computing sidelines.
Ponemon called it “encouraging” that relaxed attitudes about the cloud are boosting adoption rates. More than half of respondents said they transfer critical data to the cloud; only 11 percent had no cloud plans, down from 19 percent two years ago.
But the researcher added that the optimistic mindset comes at a cost. More than a third of those surveyed (34 percent) were moving data to the cloud despite their sense that it was having a negative effect on their security posture. Only about 17 percent felt the cloud actually improved organizational security.
In SaaS environments more than half of respondents said the cloud provider should be primarily responsible for security, even though half of those SaaS users had no knowledge of what their providers were doing to secure sensitive data.
Organizations seem to be slowly getting a handle on the cloud security problem, with 39 percent of SaaS users saying their cloud data is encrypted, up from just 32 percent in 2011. Still more than half of respondents say their sensitive and confidential information sits in the in the clear and easily readable when stored in the cloud.
For those who are using encryption in the cloud, about a third manage their own encryption keys, but that their own organization is in control of encryption keys when data is encrypted in the cloud, but a notable 18 percent say their cloud service provider has full control over keys.
“Encryption is the most widely proven method to secure sensitive data in the enterprise and in the cloud, and yet more than half of respondents report that sensitive data in the cloud goes unprotected,” said Richard Moulds, vice president of strategy at Thales e-Security, which sponsored the Ponemon survey. “Those that are using encryption have adopted a variety of deployment strategies but once again a universal pain point is key management.
“Very often, the way that keys are managed makes all the difference with poor implementations dramatically reducing effectiveness and driving up costs,” Moulds said.
This article originally appeared on Channelnomics.com.