BW CIO World – Cloud Increases Risk of Compliance Breaches

cio_logo83 percent Indian IT security practitioners believe managing privacy and data protection regulations in cloud is more complicated than on-premises networks

Gemalto revealed that while the vast majority of global companies (95 percent) have adopted cloud services, there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only two-fifths (40 percent) of the data stored in the cloud is secured with encryption and key management solutions.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure.

“Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

IT Pro Portal – UK companies lag behind in securing cloud data

itproportalUK companies are falling behind the rest of Europe when it comes to securing data on cloud services, a new report has revealed.

The report from Gemalto, entitled “2018 Global Cloud Data Security Study”, says the vast majority of global companies have adopted cloud services (95 per cent), but not all treat security the same.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, data protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

4 Important trends in cloud security

Significant security challenges confront organizations as they migrate their IT needs and processing resources to the cloud. They must first select a cloud service provider that can hopefully ensure security of the cloud and thereby fulfill their half of the Shared Responsibility Model. Next, they must implement appropriate security controls such as encryptionaccess management and multi-factor authentication in their effort to secure corporate and customer data.

This process is becoming more and more complicated as time goes on. On the one hand, IT personnel no longer have the control over data in the cloud and IT spending they once had, which is shaping the types of security process in which organizations are investing. On the other hand, external forces like new data protection regulations such as the European Union’s General Data Protection Regulation (GDPR) will likely affect cloud storage practices, yet it’s unclear how organizations’ efforts to comply with the regulation could change cloud governance.

These are some of the realities in Gemalto’s 2018 Global Cloud Data Security Study.

cloud security infographic

For the report, Gemalto commissioned the Ponemon Institute to survey 3,621 IT and information security practitioners in the United States, the United Kingdom, Australia, Germany, France, Japan, India, and Brazil about their organizations’ use of the cloud and the security challenges they are facing as a result. The survey yielded several key trends. Here are four that are particularly relevant for organizations and their cloud data security strategies:

  1. Organizations Are Not Fulfilling Their Commitment to Cloud Data Security

For Gemalto’s 2018 study, Ponemon Institute found that 67% of respondents say their organizations are committed to protecting confidential and sensitive information in the cloud. That pledge notwithstanding, fifty-three percent of respondents do not agree their companies have a proactive approach to compliance. Even more than that (57%) do not believe their organizations are careful enough when sharing sensitive information with third parties.

As a result, many respondents are concerned about the security of the data their employers store in the cloud. Organizations primarily store customer information (59%), email (49%), consumer data (47%) employee records (38%), and payment information (39%) in the cloud. Approximately half of participants in Gemalto’s study worrying most about payment information and customer information at 54% and 49%, respectively. Eighty-eight percent of respondents are also concerned the European Union’s GDPR will play some role in demanding more from organizations and their commitment to cloud data security.

  1. The IT Department Is Losing Control of Cloud Security Practices and Budget

Gemalto’s report reveals that IT is losing control of both its budget and corporate data stored in the cloud. Indeed, the average percent of IT spending controlled by the IT department was fifty-three percent in 2016. That proportion declined to under half (40%) of spending in 2017.

At the same time, functions outside of information technology are deploying an average of fifty-eight percent of cloud services. This figure represents a significant increase over 2016. So too does the fact that the average percent of corporate data stored in cloud environments and not managed by IT has grown from 44 percent to 53 percent.

  1. Challenges and a Lack of Focused Practices Abound in Cloud Security

Survey respondents report the difficulty in protecting confidential information when using cloud services has decreased in several key areas. 54% of IT and infosec professionals say it’s more difficult to defend cloud data in Gemalto’s 2018 study. That figure is down from sixty percent the previous year. At the same time, the difficulties in restricting end-user access decreased from 53% of respondents in 2016 to 51% of participants in 2017.

Even so, challenges still abound in cloud security. Seventy-one percent of survey respondents say it’s difficult to apply conventional information security principles in a cloud environment, with close to that same percentage of participants (62%) saying their organization’s use of cloud resources increases compliance risk. Meanwhile, sixty-seven percent of IT professionals cite their companies’ inability to directly inspect cloud providers for security compliance as a source of difficulty, though 61% of respondents say their organizations now evaluate the security capabilities of a cloud provider prior to engaging their services and deploying their technology.

  1. Encryption and Access Management Solutions Are Growing in Use and Importance

Seventy-seven percent of those who participated in Gemalto’s 2018 study think the ability to encrypt or tokenize sensitive or confidential data stored in the cloud is important, with more than nine in ten (91%) saying it will become more important in the next two years. At this time, 47 percent of respondents say they use encryption or similar tools to secure data at rest in the cloud; 58% report that encryption is used for data sent and received by the cloud provider. Encryption or tokenization of data within cloud applications has also increased by eight percentage points (from 28% to 36%) over the last two years.

In addition, strong user access controls and access management to data stored in the cloud has increased in importance according to the study. The ability to control strong authentication prior to accessing data and applications in the cloud has increased from 73 percent of respondents to 81 percent of respondents over the past few studies. In addition, 53 percent of respondents say their organization uses multi-factor authentication to secure access to data in the cloud environment. Just under that percentage of respondents (47 percent) say their organizations use multi-factor authentication for employees’ access to the cloud. When asked the percent of cloud applications that have user-enabled access controls, the average is only 19 percent.

The Tip of the Iceberg

The findings presented above are just a snapshot of Gemalto and Ponemon Institute’s study on the ever-evolving cloud data security landscape. The report also investigates what organizations look for when choosing a cloud service provider (CSP) and what IT professionals consider to be the most important identity and access management features for the cloud. It also delves into organizations’ engagement with the cloud differentiated by respondents’ country of origin.

For insight into these and many other issues, download Gemalto’s Cloud Governance and Security Research.

 

This blog post also appears on the Gemalto Security blog here.

DevOps Online – Only 40% of cloud data is protected, says Gemalto

devopsonlineGemalto, the world leader in digital security, revealed that 95% of global companies have adopted cloud services, despite there being a wide gap in the level of security precautions applied by companies in different markets.

Organisations admitted that on average, only 40% of the data stored in the cloud is secured with encryption and key management solutions. 

Jason Hart, CTO for data protection at Gemalto, said: “While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security.

“However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed.

“No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

CIO – Big differences between countries on security precautions in the cloud

cioA new report has revealed that while the vast majority of global companies (95%) have adopted cloud services, there is a wide gap in the level of security precautions applied by companies in different markets. Organisations admitted that on average, only two-fifths (40%) of the data stored in the cloud is secured with encryption and key management solutions.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.”

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

Broadcast – UK businesses slow to secure cloud-based assets

broadcastThere are huge regional variations in how companies address security in the cloud, according to a study by digital security company Gemalto.

While around half the global organisations surveyed believe information such as payment details and customer data is at risk in the cloud, some countries do far more to secure cloud-stored data than others.

Jason Hart, CTO, data protection at Gemalto, said: “While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere. This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.”

He continues: “The benefit of the cloud is its convenience, scalability and cost control, however, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

LandMobile – Study Suggests Contrasting Global Attitudes to Cloud Safety

landmobileFigures released by digital security company Gemalto have revealed a marked difference in attitude across countries when it comes to storing information in the cloud.

Speaking of the findings, Jason Hart, CTO, data protection at Gemalto said: “While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere. This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security.

“However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed.”

To read the full article click here.

betanews – New study shows wide gaps in attitudes to cloud security

betanewsWhile a majority of businesses around the world have adopted cloud services, a study released today reveals a wide gap in the level of security precautions applied by companies in different markets.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” says Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.”

To read the full article click here.

PCR – British businesses lackadaisical about securing the Cloud

pcrBritish businesses harness a lackadaisical attitude towards securing data in the Cloud. UK-based businesses are almost half as likely to secure confidential or sensitive data in the Cloud compared to their German counterparts, according to a study by Gemalto and Ponemon.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.

Help Net Security – As the cloud’s popularity grows, so does the risk to sensitive data

helpnetWhile the vast majority of global companies (95%) have adopted cloud services, there is a wide gap in the level of security precautions applied by companies in different markets. Organizations admitted that on average, only two-fifths (40%) of the data stored in the cloud is secured with encryption and key management solutions.

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, Data Protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenization need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”

To read the full article click here.