January 17, 2018 By Douglas Bonderud 3 min read

Ninety-five percent of businesses have adopted some form of the cloud. But, according to recent research, securing cloud-based data remains a major concern.

A new study by Gemalto found that 77 percent of companies recognize the importance of security controls such as encryption. Although this number would seem to suggest a steady march toward more defensible cloud data, just 47 percent of companies queried in the report actually use encryption to secure their sensitive data. This creates a disconnect whereby good knowledge is not backed up by solid global policies, putting cloud data at risk.

The Evolving Cloud Security Challenge

Although 88 percent of survey respondents said they are confident that new global regulations will impact cloud governance and 91 percent believe that the need to encrypt data will become more important over the next two years, security practices don’t match the preaching.

On average, according to the study, just 40 percent of all data stored in the cloud is secured with encryption and key management solutions. Meanwhile, just 25 percent of IT professionals surveyed were “very confident” they knew the exact type and number of cloud services used by their business.

The hard truth here is that these aren’t great numbers — but they’re not exactly surprising, either. Consider the trajectory of the cloud. At first it was a disrupter, but now cloud services have become essential for day-to-day operations, application development and big data analysis.

Giving up the cloud is unthinkable, but the prospect of both securing distributed data and actively keeping track of every cloud-based application is overwhelming for many IT departments. As a result, global cloud policies rarely make it past the drawing board even as more cloud services are added to the corporate roster.

A Growing Cloud Infrastructure

There’s no shortage of cloud infrastructure investment. Google recently announced that it spent $30 billion over the last three years building up cloud infrastructure and now has plans for undersea cables connecting Chile and Los Angeles; the U.S., Ireland and Denmark; and Australia and Southern Asia.

In other words, companies already using the cloud will find it even more convenient to spin up new servers, deploy new applications and store more data. However, organizations with existing security issues will face even greater challenges — especially because 75 percent of survey respondents said it’s more complex to manage privacy and data protection regulations in the cloud than on-premises.

Navigating the Wild West of Cloud Policy

So how do companies grow with the cloud and ensure they’re acting responsibly when it comes to cloud security? It all starts with policy.

Right now, global clouds remain a kind of Wild West, where data unseen is data ignored, and applications roam freely across personal and corporate networks. Clamping down on security issues means drafting a global, cloud-specific policy that addresses emerging problems.

For example, many organizations are now writing policies that embrace the utility of shadow IT while placing it under the purview of IT departments. In effect, this allows employees to retain some control over their cloud environment while granting IT the final word.

Encryption policies, meanwhile, are best designed for new data. Enterprises should mandate that all data moving to cloud storage be properly encrypted, then provide the personnel and technological support to make this a viable outcome. After all, the enemies of great policy are poor budgeting and sky-high expectations. Post-storage encryption is a long-term project that is doomed to sink new policies if attached as a core component.

The bottom line is that companies understand the need for cloud security but lack the global processes to follow through. Better outcomes demand specific policies backed by budgets that accommodate both trained security professionals and cutting-edge cloud solutions.

More from

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today