Despite an ever-present fear of cloud technology, businesses fail to take security seriously. The cloud security pendulum, once firmly lodged in the segment marked “be very afraid”, may have swung too far the other away, with some organisations not taking the basic steps to protect data.
92 per cent of UK businesses encrypt only 75 per cent or less of their sensitive and confidential data while traveling to the cloud, according to the 2016 Global Cloud Data Security Study.
Furthermore, almost 40 per cent do not encrypt sensitive and confidential data at rest in the cloud.
Why is this a huge problem? Because encryption may be the only thing standing between the attacker and all of your highly valued data.
While rendering your data unreadable to outsiders, encryption is also the first security barrier against potential threats. By encrypting data that travels in and out of your company, hackers won’t be able to pick up the information as if it were in plain text. Encryption also stops the spread of malware by restricting access to other points across your network.
Worryingly for consumers, customer data is the information most commonly stored in the cloud by UK businesses (59 per cent), meaning it is potentially at risk due to the lack of encryption efforts on the part of businesses. Financial business information and email are the next most likely to be stored in the cloud (47 per cent and 45 per cent).
Although cloud computing is seeing increasing adoption and many organisations aren’t taking the basic security steps. A vast amount still cite security fears as the main reason for sticking with on premise solutions.
In the latest research into cloud and infrastructure among medium to large UK-based organisations, 43 per cent of respondents cited security as the main barrier to cloud adoption. Fears stem from a loss of control of data and applications, as services move from internal data centres to those operated by third parties, which could be located anywhere in the world.
And liability concerns are justified. Cloud services are often hosted in one country and used in others, thus, the issues of legal jurisdiction in the event of a dispute and uncertainty about the applicable law. In this context, a security breach becomes more than a technical problem, but one of liability and accountability as well. Not surprisingly, 70% of businesses want to work with a cloud implementation provider that offers a single point of accountability – this means making a single person accountable for the whole process. Read more.
The second impediment is price, with 32 per cent of respondents suggesting that concerns over increased costs was their main reason for keeping their data out of the cloud.
Shadow data continues to be a major threat with 23 per cent of it being broadly shared among employees and external parties. Unapproved software usually appears on machines when employees discover a new application or device that enhances their productivity. The pressure to be productive outweighs any concerns over data security and corporate compliance, so, when employees need to access or share data quickly, they disregard the security requirements imposed by the IT department.
Enterprises are using 20 times more cloud apps than IT estimates, with most using an average of 841 across their extended network, the study shows. Half of these apps (47 per cent) is not managed or controlled by the IT department.
The study also shows that there is still significant difficulty in controlling or restricting end-user access. The number has increased from 48 per cent of respondents in the previous study to 53 per cent of respondents.
58 per cent of respondents say their organizations have third-party users accessing their data and information in the cloud. A worrisome number, since it is known that third-party are often the cause of data security incidents in small and medium-sized businesses.
Not surprisingly, when it comes to selecting a cloud provider, efficiency and cost are the most important factors, while security comes fifth on the list.