How effective companies are protecting sensitive data in cloud

Only 38% of global organisations have defined roles and accountability for preserving confidential or sensitive data in the cloud, a new survey of IT professionals has found.

According to the latest Ponemon Institute study commissioned by SafeNet, about 44% of corporate data stored in cloud environments is not supervised or controlled by the IT department.

About 70% of respondents find it more difficult to handle privacy and data protection regulations in a cloud environment, while about three-quarters of them consider cloud as very vital now, and three quarters of them deem it will be vital over the next two years.

Ponemon Institute chairman Dr. Larry Ponemon said: "The findings reveal that global organizations are struggling to secure data in the cloud due to the lack of critical governance and security practices in place.

"To create a more secure cloud environment, organisations can begin with simple steps such as including IT security in establishing security policies and procedures; increasing visibility into the use of cloud applications, platforms, and infrastructure; and protecting data with encryption and stronger access controls, such as multi-factor authentication."

Only 19% of respondents said they have knowledge about all cloud computing applications, platforms, or infrastructure services deployed in their organisations.

In reply to the individual responsible for cloud data security, 35% of them noted it as shared responsibility between the cloud user and the cloud provider, with 33% believing it as the responsibility of the cloud user and 32% stating as the liability of the cloud provider.

About 46% of the companies use multi-factor authentication to secure third-party access to data in the cloud environment, while 48% noted that their organisations deploy multi-factor authentication for employees’ accessing the cloud.

SafeNet chief strategy officer Tsion Gonen said: "While the cloud has revolutionized the way IT is delivered, many IT organizations are finding it difficult to keep up with demand for these services and the security implications that are created when critical data is stored in the cloud.

"And as we’ve seen in 2014 with a raft of record-breaking data breaches, organizations are attacked frequently from different angles.

"In order to mitigate risk, there needs to be focused coordination and new approaches to securing data in the cloud, and IT needs to be at the center of this migration."