Less than half of organizations that employ cloud computing services have clearly defined rules for safeguarding confidential or sensitive information, and 56 percent say that their employer is not sufficiently careful about sharing this information with third parties in the cloud, a Ponemon study has found.

In addition, only 34 percent of confidential data on software as a service (SaaS) platforms is encrypted, while 49 percent of all cloud services and 47 percent of all corporate data stored in the cloud are beyond the reach of IT departments.

However, in the two years since the last Ponemon report, there has been an increase in IT professionals reporting that their department is aware of all cloud applications, platforms and infrastructure services in use, rising to 54 percent of respondents from 45 percent in 2014. This presents a marked rise in overall visibility of cloud services.

The study found that the spread of cloud computing services is presenting vulnerabilities within organizations’storage and management of confidential information.

Fifty-three percent of respondents said it is more difficult to control end-user access to data in the cloud
Fifty-three percent of respondents said it is more difficult to control end-user access to data in the cloud – Thinkstock/ Varijanta

Security service

The 2016 Global Cloud Data Security Study was compiled by the Ponemon Institute on behalf of digital security company Gemalto. It surveyed more than 3,400 IT and IT security practitioners from nine countries around the world, including the US, UK and Germany.

The Ponemon Institute, founded in 2002, is an independent US-based research company that focuses on privacy, data protection and information security policy. 

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.

“To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud.”

Although more than half of respondents (54 percent) still said it is more difficult to protect data using cloud services, the number fell from the 60 percent recorded two years ago.

Fifty-three percent of the professionals questioned said it is more difficult to control or restrict end-user access to data in the cloud.

Seventy-seven percent said managing identities is harder in the cloud than on-premises.

“Organizations have embraced the cloud with its benefits of cost and flexibility but they are still struggling with maintaining control of their data and compliance in virtual environments,” said Jason Hart, vice president and chief technology officer for data protection at Gemalto.

“It’s quite obvious security measures are not keeping pace because the cloud challenges traditional approaches of protecting data when it was just stored on the network. It is an issue that can only be solved with a data-centric approach in which IT organizations can uniformly protect customer and corporate information across the dozens of cloud-based services their employees and internal departments rely every day.”