Study finds data moving to cloud, encrypted or not

Summary:A study for Thales e-Security by the Ponemon Institute shows that organizations, particularly those strong security postures, are moving data to the cloud, but much of that data is unencrypted at rest.

Enterprise cloud adoption is moving faster than enterprise cloud security, according to the third annual Trends in Cloud Encryption Study from the Ponemon Institute, sponsored by Thales e-Security.

A majority of respondents of the survey are transferring sensitive or confidential data to the cloud; only 11% say they are not and have no plans to do so. While some may view the cloud as a potential security risk, in the survey organizations with a stronger security posture were more likely to transfer sensitive or confidential data to the cloud environment.

Depending on the form of cloud service — SaaS or IaaS generally — respondents see the responsibility for protecting data in the cloud, either in use or at rest, as being with different parties. An IaaS or PaaS server is largely the responsibility of the subscriber, and only 22 percent of respondents saw it as the sole responsibility of the provider. SaaS, on the other hand, was seen as a shared responsibility by only 19 percent.

Data at rest in the cloud is likely not to be encrypted, but many say they are encrypting data using tools provided either by the subscriber organization or the provider. The nature of the service greatly affects how one would apply such encryption. With simple cloud storage one might be able to encrypt the data before it is transmitted, but any service that needs to access the data will need to be able to decrypt it. With a service like Salesforce, encryption of data at rest can only be provided by the service.

encryption.survey

Even with strong encryption applied at a cloud server, bugs like Heartbleed show that keys may be accessible. The ideal solution is an HSM (Hardware Security Module), a device which performs the encryption internally and which never exposes the keys to the general computing environment. Thales provides such HSMs  which integrate with Microsoft's RMS (Rights Management Service)  in the Azure cloud.

The full survey goes into far more detail on many issues. For the study, Ponemon surveyed 4,275 business and IT managers in the United States, United Kingdom, Germany, France, Australia, Japan, Brazil and Russia.

Topics: Security

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.