More than half of data is now stored in the cloud and its causing organisations to focus on security issues related to their cloud provider and not on their own data security best practices.
This is according to the 2020 Thales Data Threat Report in which 43 percent of IT experts stated that they are ‘aggressively disrupting’ the markets they operate in.
Yet the rapid change and implementation of digital technologies such as IoT, edge and the cloud is complicating how data security is undertaken. Data security threats for organisations is at a high as 49 percent of respondents had experienced a data breach, while 26 percent have been breached within the last year.
The location of stored data is driven by the use of a broad set of technologies with 38 percent of organisations stating that they house data in SaaS applications. However, the report found that more than 90 percent of its respondents are concerned about the data security of SaaS applications and their cloud service provider. While there have been security issues related to cloud providers in the past, many of these cases involved misconfigurations and poorly managed endpoints.
Thales believes that its report shows that while two-thirds of firms think they are operating in a secure manner: “Organizations are not implementing the processes and investing in the technologies required to appropriately protect their data. More than half have been breached or experienced failed security audits. And when it comes to securing data in the cloud, most companies incorrectly look to their cloud providers for their portion of the shared responsibility model.”
The report was compiled following a IDC web-based survey that queried 1,723 executives that have influence or responsibly for the security of IT systems and data within their organisations.
Failing Compliance Audits
It seems that IT systems within the financial services, healthcare, and retail sectors are struggling with new regulatory environments as just over half of financial service respondents said that they have not only experienced a data breach, but that many have failed compliance audits in 2019.
Worryingly 52 percent of responders who work within government agencies stated that they have the same compliance issues.
However, during 2019 within the EU sketchy government compliance numbers are not that unusual. 2019 marked the first full-calendar year with GDPR in place and many agencies are still struggling to understand the new environment and bring themselves into compliant state.
Of course ignorance of the law is no excuse, but it should be noted that the Information Commissioner’s Office, the regulatory watchdog for GDPR compliance within the UK, was itself not in-line with GDPR when it came to the use of cookies on its website.
Last June the ICO was forced to admit that its cookies consent process was not right and that: “We are currently in the process of updating this to align our use of cookies to the GDPR standard of consent and we will be making amendments to this information during the week commencing 24 June.”
A remarkable admission from @ICOnews – its #cookies consent process has been wrong (‘doesn’t meet the required GDPR standard’) and it’s being urgently changed. [In fact, it’s probably not been to the required standard since 2011.] #gdpr #pecr pic.twitter.com/aIFuO0kR4e
— Adam Rose (@adam_rose) June 16, 2019