Cloud security has always been a sensitive topic. For many years, security was listed as the number-one reason why companies shied away from adopting cloud technologies. Cloud security has improved considerably over the years, but a survey conducted by Perspecsys shows just how far we have to go, especially when it comes to understanding where and how data is protected.
While at RSA, the folks from Perspecsys surveyed more than 125 attendees about data control in the cloud and more than half (57 percent) said they don’t have a complete picture of where their sensitive data is stored. Perhaps more alarming, 48 percent of the respondents said they don’t have a lot of faith in their cloud providers to protect their data. And because of this lack of trust, cloud adoption is slowed.
Maybe we haven’t come that far in cloud security, or at least the perception of cloud security, after all. Although, I have to say, the findings in the Perspecsys survey are a lot more encouraging than the results of a Ponemon Institute study of a year ago that found, according to eSecurity Planet:
… only 16 percent of respondents know where all of their sensitive structured data resides -- and just seven percent know the location of all of their sensitive unstructured data, including data in emails and documents.
In a statement, Gerry Grealish, CMO with Perspecsys, explained where exactly the concerns are in data storage and security:
Challenges with tracking where sensitive and regulated data is flowing, and the inability to control that flow in outsourced environments such as SaaS cloud applications, where it can move freely between data centers and cloud provider’s partner’s systems, is a key challenge for enterprises in regulated sectors.
I had a chance to talk to Grealish while I was at RSA, and we spoke about the concerns over the loss of control of data in the cloud. During our conversation, he made two comments that I think were important takeaways on the issue. First, we have to remember that the most sensitive data should never be stored in the cloud. Sometimes compliance regulations restrict cloud storage options, but companies also need to be smart about cloud computing. If certain information is lost, what amount of damage will your company suffer?
Second, he said companies need to do a better job at keeping control of the data stored in the cloud. That can be done through encryption or tokenization, a point he stressed in his formal statement about the survey:
Enterprises need to consider encrypting or tokenizing any sensitive data before it goes to the cloud, so they retain full control of their information while it is in-transit to the cloud, while it is stored at-rest in the cloud, and while it is in-use being processed in the cloud.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba