Only 40% of cloud data is protected, says Gemalto

Gemalto, the world leader in digital security, revealed that 95% of global companies have adopted cloud services, despite there being a wide gap in the level of security precautions applied by companies in different markets.

Organisations admitted that on average, only 40% of the data stored in the cloud is secured with encryption and key management solutions.

The findings from 2018 Global Cloud Data Security Study found 35% of organisations in the UK, 34% in Brazil and 31% in Japan are less cautious than the 61% in Germany when sharing sensitive and confidential information stored in the cloud with third parties.

Germany’s lead in cloud security extends to its application of controls such as encryption and tokenisation. 61% of German organisations said they secure sensitive or confidential information while being stored in the cloud environment, ahead of 51% in the US and 50% in Japan.

The level of security applies increases when data is sent and received by the business, rising to 67% for Germany, 62% for Japan and 61% for India.

However, more than 75% of organisations across the globe recognise the importance of having the ability to implement cryptologic solutions, such as encryption. This is only set to increase, with 91% believing this ability will become more important over the next two years – an 86% increase from last year.

Managing privacy and regulation in the cloud

Despite the growing adoption of cloud computing and the benefits that it brings, it seems that global organisations are still wary, with 50% reporting that payment information and customer data is at risk when stored in the cloud.

Over 57% of global organisations also believe that using the cloud makes them more likely to fall foul of privacy and data protection regulations, slightly down from 62% in 2016.

Due to this perceived risk, almost 88% believe that the new General Data Protection Regulation (GDPR) will require changes in cloud governance, with 37% stating it will require significant changes.

Despite the prevalence of cloud usage, the study found that there is a gap in awareness within businesses about the services being used.

Only 25% of IT and IT security practitioners revealed they are very confident they know all the cloud services their business is using, with 31% confident they know.

Looking more closely, shadow IT may be continuing to cause challenges. Over half of Australian (61%), Brazilian (59%) and British (56%) organisations are not confident they know all the cloud computing apps, platform or infrastructure services their organisation is using.

Confidence is higher elsewhere, with only around 27% in Germany, 27% in Japan and 25% in France not confident.

Head in the clouds

Fortunately, 81% believe that having the ability to use strong authentication methods to access data and applications in the cloud is essential or very important.

Businesses in Australia are the keenest to see authentications put in place, with 92% agreeing it would help ensure only authorised people could access certain data and applications in the cloud, ahead of India (85%) and Japan (84%).

Jason Hart, CTO for data protection at Gemalto, said: “While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere.

“This may be down to nearly half believing the cloud makes it more difficult to protect data when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security.

“However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed.

“No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

This research was conducted by the Ponemon Institute on behalf of Gemalto with 3,285 IT and IT security practitioners surveyed across the US, UK, Australia, Germany, France, Japan, India, and Brazil.

Written from press release by Leah Alger