Security concerns have been present since the dawn of cloud computing. While these issues initially cast a shadow over the technology and scared many decision-makers away, the proliferation of cloud-based environments throughout the private sector has been swaying some of these opinions as of late. Now companies are embracing the cloud for its many benefits, despite lingering troubles regarding the protection of confidential records.
A new global study by the Ponemon Institute revealed that approximately half of businesses are currently migrating sensitive information to cloud-based environments, while another third said they will likely do so within the next two years. This means the cost-saving benefits associated with the cloud are having a stronger effect than cloud data protection fears on more than 80 percent of businesses around the world.
How the cloud is influencing data security initiatives
The survey found that while the majority of businesses are embracing the cloud to host confidential information, roughly 39 percent said the use of the technology has negatively impacted their ability to keep sensitive records safe.
"However, it is particularly interesting to note that it is those organizations that have a strong overall security posture that appear to be more likely to transfer this class of information to the cloud environment – possibly because they [understand] how and where to use tools such as encryption to protect their data and retain control," Ponemon Institute chairman and founder Larry Ponemon said.
The study noted that the majority of businesses appear to agree on the importance of defending sensitive data in the cloud, though not all organizations share the same opinion as to how they should apply protection tools. Approximately 64 percent of survey respondents said cloud data security is the service provider's responsibility. Unfortunately, the same number of decision-makers said they do not have the proper amount of visibility to ensure the vendor is keeping cloud environments safe.
This is leading organizations to turn to encryption to guarantee unauthorized individuals don't have access to sensitive records.
Encryption in the land of cloud computing
Despite the demand for encryption, business and IT executives take different approaches toward applying it. The Ponemon Institute revealed that roughly half of survey respondents said they encrypt information before migrating it to the cloud, while the rest trust the service provider with doing so once data has been pushed into the hosted environment.
"Staying in control of sensitive or confidential data is paramount for most companies today," security expert Richard Moulds said.
In other words, regardless of whether an organization decides to apply its own encryption or leave it up to the vendor, decision-makers should remain in control of the keys. This was echoed by SANS Institute fellow Eric Cole in an interview with Network World when he said data encryption in the cloud is a necessity but only the appropriate authorities should have access to the keys that unlock confidential information.
Network World added that organizations should understand their objectives before fully committing to cloud computing. This includes being conscious of all compliance regulations and policies, as well as the impact the cloud will have on encryption. After all, migrating data to the cloud means losing at least some level of control over that information.
"However, just as with any type of encryption, it only delivers meaningful value if deployed correctly and with encryption keys that are managed appropriately," Moulds asserted. "Effective key management is emblematic of control and the need for centralized and automated key management integrated with existing IT business processes is a necessity."
This appears to be an area in which many companies can adjust their strategies. According to the Ponemon Institute, only 36 percent of decision-makers said their organizations have the primary responsibility for managing encryption keys, while another 22 percent said this burden lies with the service provider. Furthermore, more than half of respondents who said they apply encryption themselves eventually hand over control of the keys to vendors.
"Even if you allow your data to be encrypted in the cloud, it's important to know you can still keep control of your keys," Moulds said. "If you control the keys, you control the data."
As more organizations continue to migrate sensitive information to the cloud, it will become increasingly important that decision-makers take a firm stance on encryption to ensure confidential data is protected by the appropriate amount of security. Failing to implement robust defensive and authentication tools will only make businesses more susceptible to data breaches, which could result in significant fines, damaged reputations or worse.
Cloud Security News from SimplySecurity.com by Trend Micro