Organizations around the world are increasingly becoming more comfortable with transferring sensitive data to the cloud, according to the results of a new study. Commissioned by UK-based defense and security technology provider Thales and conducted by the Ponemon Institute, the “2012 Global Trends in Cloud Encryption” study examined the cloud perceptions and practices of more than 4,000 organizations in seven countries. Despite this increased comfort level, many companies still have reservations about the security of the cloud and some are still uncertain about who exactly is responsible for the security of data stored in the cloud.
According to the survey, more than half of all respondents say their organization currently transfers sensitive or confidential data to the cloud – an increase of about 10 percent over last year’s study. However, more than twice as many respondents say use of the cloud has decreased their security posture (35 percent) than say it has increased (15 percent). That’s still an improvement over last year’s study in which 39 percent of respondents said that cloud adoption had decreased their security posture while only 10 percent said it had increased.
This paradox between how organizations are using the cloud and how they feel about the security of it is really one of the “conundrums” of the study, says Richard Moulds, vice president of strategy for Thales e-Security, Thales’ cybersecurity business unit.
“Overall, the report has a positive message in the sense that more people are using the cloud (for sensitive data). So, the good news is usage is increasing, levels of confidence are increasing compared to last year… but the bad news is level of visibility, in terms of what security measures actually exist in the cloud, are still quite low and people, in general, feel it has weakened their security posture,” says Moulds. “The overall good news is that people feel more secure, the number of people who say it has weakened their security posture has gone down, and the portion of respondents who say their security posture has actually gone up as a result of putting sensitive data in the cloud has increased. In my mind, the trend areas are all pointing in the right direction, but there still are some underlying concerns.”
One of these underlying concerns is the confusion that still exists among many end users about who is responsible for securing data in the cloud. According to the study, more than 60 percent of respondents whose organizations currently transfer sensitive or confidential data to the cloud believe the cloud provider has primary responsibility for protecting that data and 22 percent believed the cloud consumer to be responsible. Moulds said responses to this question vary depending on whether or not the organization that took part in the study is actually leveraging cloud services or not.
“If you ask the people that are using the cloud for sensitive data, then overwhelmingly they say it is the cloud provider who is responsible by a factor of nearly three compared to the people who think the cloud consumer is responsible. But when you ask people that are not transferring sensitive data to the cloud, presumably because they’re concerned about security, then the majority say it is the cloud consumer that is responsible,” says Moulds.
Moulds attributes the fact that organizations are now more willing to use the cloud for sensitive data to a combination of factors including increased efforts on the part of cloud providers to educate end users about the security measures they have in place.