A recent study conducted by the Ponemon Institute, commissioned by security firm Gemalto, found that only 35% of British organizations secure confidential information stored in the cloud. This is in sharp contrast to the United States (51%) and Germany (61%).
The study, which surveyed more than 3,200 IT and IT security practitioners worldwide, determined that over three quarters (77%) of all organizations surveyed were aware of the importance of implementing a security protocol such as encryption to secure data stored in the cloud.
The study found that security precautions including encryption and other IT-managed solutions were only being applied to 40% of the data stored in the cloud, on average. By contrast, 95% of the companies surveyed indicated they had adopted cloud services.
Understanding the Problem
Security is a concern for the majority of IT departments worldwide. 54% of the respondents to Gemalto’s 2018 Global Cloud Data Security Study indicated that they believe payment information is at risk in the cloud. Just under half (49%) indicated that non-payment customer data was also at risk.
The survey found evidence that there is a misunderstanding about who is responsible for securing cloud data. 32% of global organizations indicated that cloud security is the responsibility of both the cloud provider and the organization, but 34% believe it’s entirely up to the cloud provider.
The survey also found that 75% of respondents reported that managing and securing data in the cloud is more complex than doing so with on-premise systems.
Another recent survey conducted by AlienVault at Infosecurity Europe in London found that 28% of 900 security professionals surveyed believed the level of cloud security understanding within their organizations was less than competent.
GDPR and the UK’s New Data Protection Laws
GDPR is a new security policy designed to create a consistent data privacy law that applies across Europe. The new policy covers a wide range of data security issues including breach notification, right to access, right to be forgotten, data portability, privacy by design, and new rules for the establishment of Data Protection Officers.
Of the IT professionals polled in the Gemalto study, 88% believed that the new GDPR rules will require changes in cloud governance. 37% of those polled said those changes would be significant.
Come May, organizations throughout Europe and the UK will have to comply with the new rules. If they don’t, they face a fine of up to 4% of annual global turnover or €20 million (whichever is greater).
“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data when the opposite is true.