Digital dangers abound in computing on the Cloud.
Outside an airplane window, clouds look like great fluffy pillows you could tumble into. Of course you’d tumble to your death. Cloud computing is similarly deceptive: superficially, easy and comfortable, but without underlying safeguards, dangerous.
The 2016 Global Cloud Data Security Study, compiled for digital security company Gemalto by the Ponemon Institute, shows that safety measures are not keeping up with Cloud data challenges. The 3,476 infotech and IT security professionals surveyed in the US, UK, Australia, Germany, France, Japan, Russia, India and Brazil indicate the Cloud is making organizations vulnerable in storage and management of confidential information.
Less than half of organizations surveyed have clearly defined rules for safeguarding confidential or sensitive information in the Cloud. More than half (56%) of respondents say their employer is not sufficiently careful about sharing this information with third parties in the Cloud. The report indicates only a third of confidential data held on software-as-a-service systems is encrypted.
“Organizations have embraced the Cloud with its benefits of cost and flexibility, but they are still struggling with maintaining control of their data and compliance in virtual environments,” says Jason Hart, chief technology officer for data protection at Gemalto. “It’s quite obvious security measures are not keeping pace because the Cloud challenges traditional approaches of protecting data when it was just stored on the network. It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of Cloud-based services their employees and internal departments rely on every day.”
The study suggests companies can increase security, maintain control of sensitive data and improve compliance with regulatory mandates by enabling IT departments to centrally manage data protection solutions across the organization. It also recommends organizations educate employees on security and set comprehensive policies for data governance and compliance.
Of course, there are technical solutions, too. To ensure compliance, says Larry Ponemon, chairman and founder of the Ponemon Institute, “it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions.”