Ponemon Institute Says Cloud Encryption is Lacking

When you keep data in the cloud, most security analysts recommend that you should encrypt your data as a best practice. Regardless if your data is sensitive or not, getting in the habit of protecting your data can help protect your organization against unconventional attacks such as social engineering and inside jobs. A report provided by the Ponemon Institute found that more organizations are increasingly confident in cloud security. The big question for organizations and cloud providers is: Who actually provides the security? Should data be encrypted before it’s moved to the cloud or should providers encrypt all data regardless?

Ponemon queried over 4,200 IT decision makers all across the world and nearly half of the respondents were unsure of who was actually supposed to provide data security services for their SaaS suites. In regards to data at rest, many organizations did not have their data encrypted at all. 39% of organizations that utilize SaaS in their environment say that their data at rest is encrypted. Only 26% percent of respondents who utilize IaaS and PaaS proactively encrypted their data at rest. On average, only 42% of those who responded encrypt their data before moving it into the cloud.

InfoWorld published a breakdown of all of these stats that were compiled by Ponemon. While the report gives technology professionals some alarming statistics, it is apparent that many of these IT decision makers do not take cloud security threats seriously. Many experts including those who are members of the Cloud Security Alliance believe that the lack of cloud security knowledge is due to a gap in skill. In a recent 3 part series, CloudWedge broke down the CSA’s “Notorious Nine” security threats with Data Breaches and Data Security being the top two threats. When you couple the Cloud Security Alliance’s recommendations alongside the analytics provided in Ponemon’s report, it becomes clear that organizations that are moving to cloud have a lot of homework to do when it comes to securing their data.