Encryption still a low priority for too many cloud users

The vast majority of businesses will be using cloud to store confidential information by 2018 -- but almost half have no plans to encrypt it.
Written by Danny Palmer, Senior Writer

More and more organisations see cloud as a secure environment to store confidential data.


The vast majority of organisations plan to store confidential or sensitive data in the cloud by 2018, but despite that being just two years away, only a third have already set out an encryption plan which can be described as consistently applied across the entirety of the enterprise.

According to the 2016 Global Encryption and Key Management Trends Study, more than half of global organisations are already transferring sensitive or confidential information to the cloud, with 56 percent of respondents stating that this already forms part of their data storage strategy, whether or not that data is encrypted or made unreadable via some other mechanism.

An additional 28 percent of respondents answered that they're likely to transfer confidential or sensitive data to the cloud in the next 12 to 24 months, a figure which if followed through will bring the total number of organisations using cloud storage in this way to 84 percent.

Ultimately, the findings indicate that decision makers believe the benefits of cloud computing outweigh the risks associated with transferring sensitive or confidential data to the cloud.

But despite this apparent enthusiasm to move data into the cloud, a significant proportion of those already doing so make no effort to protect the information through encryption or some other measure that renders data unreadable, according to the report by The Ponemon Institute, which was carried out on behalf of security firm Thales and cloud provider Vormetric.

Currently, 44 percent of firms encrypt data stored in the cloud, but 39 percent say they have no plans to render this data unreadable: indeed, the report suggests that 52 percent of respondents believe the most salient threat to sensitive or confidential data to be employee mistakes.

The threat of data exposure by employee mistakes is deemed to be a far bigger risk than anything else, with 30 percent of respondents believing system or process malfunction to be the most significant threat, while only a little over a quarter thought that hackers and cyber criminals actually posed a big threat to data loss.

With privacy of personal data understandably viewed to be significant, it perhaps isn't surprising that employee and HR data, along with payment-related data, are the most likely types of information to be encrypted. Sixty-two percent of organisations are encrypting employee and HR data, while 55 percent of organisations are doing the same with payment data.

However, just a third of organisations routinely encrypt customer data -- potentially putting it at risk of being breached if it did fall into the wrong hands -- while only one in five encrypt health data, which is arguably some of the most sensitive data about an individual.

Dr Larry Ponemon, chairman and founder of The Ponemon Institute, argues that it's important for all types of data to be properly encrypted, no matter where it's stored.

"Mega breaches and cyberattacks have increased companies' urgency to improve their security posture, and encryption usage continues to be a clear indicator of a strong security posture," he says.

"The findings of this year's study demonstrate the importance of both encryption and key management across a wide range of core enterprise applications -- from networking, databases and application level encryption to PKI, payments, public and private cloud computing and more," Ponemon adds.

The 2016 Global Encryption and Key Management Trends Study is based on questioning over 5,000 business and IT managers across the globe.
