New study finds that although cloud-based resources are becoming more important to companies, they are still struggling with cloud security
Despite the continued importance of cloud computing resources to organizations, companies are not adopting appropriate governance and cloud security measures to protect sensitive data in the cloud. These are just a few findings of a Ponemon Institute study titled “The 2016 Global Cloud Data Security Study,” commissioned by Gemalto. The study surveyed more than 3,400 IT and IT security practitioners worldwide to gain a better understanding of key trends in data governance and security practices for cloud-based services.
According to 73 per cent of respondents, cloud-based services and platforms are considered important to their organization’s operations and 81 per cent said they will be more so over the next two years.
In fact, 36 per cent of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that they expected this to increase to forty-five percent over the next two years.
Although cloud-based resources are becoming more important to companies’ IT operations and business strategies, 54 per cent of respondents did not agree their companies have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments.
Companies are also still relying on passwords to secure user access to cloud services. Sixty-seven percent of respondents said the management of user identities is more difficult in the cloud than on-premises. However, organizations are not adopting measures that are easy to implement and could increase cloud security.
Just over half of companies – 55% — are using multi-factor authentication to secure employee and third-party access to applications and data in the cloud, which means many companies are still relying on just user names and passwords to validate identities. This puts more data at risk because fifty-eight percent of respondents say their organizations have third-party users accessing their data and information in the cloud.
Shadow IT and Cloud Security
Some cloud applications have a very simple enrollment process, which makes it easy for employees to sign up for the service without involving the IT department.
Shadow IT is what occurs when employees adopt cloud applications without approval or involvement from their IT department. It can be difficult to know what cloud applications have risk or threat exposures. If companies don’t provide a way for employees to understand what applications are allowed, shadow IT will continue.
The report says cloud security is stormy because of shadow IT according to respondents, nearly half (49 percent) of cloud services are deployed by departments other than corporate IT, and an average of 47 percent of corporate data stored in cloud environments is not managed or controlled by the IT department. However, confidence in knowing all cloud computing services in use is increasing. Fifty-four percent of respondents are confident that the IT organization knows all cloud computing applications, platform or infrastructure services in use – a nine percent increase from 2014.
More Here [CSO]