According to the “Encryption in the Cloud” study, companies like to pass on responsibility for cloud security and even data encryption to their providers.
Photo: Max Babakov, Fotolia
Sensitivity to the dangers is low: Of the 4,000 managers and IT personnel surveyed globally, 82% planned to transmit sensible or confidential data to a cloud environment. But it often seems unclear as to who is responsible for security – the cloud service provider or the customer itself. Nearly two-thirds of those questioned, for example, felt the provider was responsible – even though the managers in almost all cases did not know how providers protect such data.
Integrated key management often not implemented
The question of who best manages the key material is likewise still open in most companies. And more than half of all companies that encrypt their data themselves entrust their cloud service provider with controlling key data. This, despite the fact that a central, automated key management integrated into existing IT business processes is considered indispensable. Whoever is in control here also controls the access to data.
What remains is the uncertainty. Thirty-nine percent of the companies that had already transmitted data to the cloud believe that the use of cloud computing makes such data less secure than before. According to Larry Ponemon, chairperson and founder of the institute bearing the same name, the cloud nevertheless represents a huge opportunity for the service providers. If these providers actively communicate with one another in the future about how they protect such confidential data, this will result in new competitive advantages.
Larry Ponemon of Ponemon Institute and Richard Moulds of Thales e-Security will provide more details about the study in a Webinar on September 25, 2012. Register at: www.thales-esecurity.com/webinars