itb-au logo
Story image

Thales: Organisations failing to protect sensitive data in the cloud

09 Oct 2019

A new global study from Thales, with research from the Ponemon Institute, has exposed an increasing disparity between the rapid growth of data stored in the cloud and an organisation’s approach to cloud security.

Although nearly half (49%) of corporate data is stored in the cloud, a quarter (24%) of Australian organisations admit they have not employed a security-first approach to data storage in the cloud.

Surveying over 3,000 IT and IT security practitioners in Australia, Brazil, France, Germany, India Japan, the United Kingdom and the United States, the research found that only one in three (35%) Australian organisations believe that protecting data in the cloud is their own responsibility.

Increased multi-cloud cloud use, but with risks

With the proliferation of cloud-based services, businesses and other organisations are increasingly dependent on cloud providers.

In fact, nearly half (47%) of Australian organisations have a multi-cloud strategy, with Amazon Web Services (AWS), Microsoft Azure and IBM being the top three.

The study found that, on average, organisations use three different cloud service providers and over a quarter (26%) are using four or more.

Despite storing sensitive data in the cloud, nearly half (42%) of respondents from Australia revealed that storing consumer data in the cloud makes them more of a security risk.

Over half (59%) also noted that it posed a compliance risk.

In addition, organisations globally believe that cloud service providers bear the most responsibility for sensitive data in the cloud (35%), ahead of shared responsibility (33%) and themselves (31%).

In Australia, even though businesses are pushing the responsibility to cloud providers, only 16% say security is a factor in selecting them.

“With businesses increasingly looking to use multiple cloud platforms and providers, it’s vital they understand what data is being stored and where,” says Ponemon Institute chairman and founder Larry Ponemon.

“Not knowing this information makes it essentially impossible to protect the most sensitive data -- ultimately leaving these organisations at risk. We’d encourage all companies to take responsibility for understanding where their data sits to ensure it’s safe and secure.”

Encryption increasing, but organisations handing over keys to cloud providers

More than half (59%) of Australian businesses and other organisations still do not use encryption or tokenisation to protect sensitive data in the cloud.

The study uncovered regional disparities in terms of data security, with German organisations being the most advanced in their use of encryption at 66%.

Organisations are handing over the keys to their encrypted data to cloud providers.

Nearly half of cloud companies (44%) provide the encryption keys when data is encrypted in the cloud, ahead of in-house teams (36%) and third parties (19%).

On top of this, 53% are controlling these encryption keys themselves, despite 78% saying it’s important their organisation retains control of the keys.

Nearly two-thirds of Australian businesses (62%) think cloud storage makes it more difficult to protect sensitive data.

More than 61% believe that data in a cloud environment is harder to protect due to the complexity of managing privacy and data protection regulations, while 88% cited the difficulty of applying conventional security methods in the cloud.

“This study shows that businesses today are taking advantage of the opportunities that new cloud options offer, but aren’t adequately addressing data security,” says Thales A/NZ cloud protection and licensing activity regional director Graeme Pyper.

“Having pushed the responsibility towards cloud providers, it is surprising to see that security is not a primary factor during the selection process. It doesn’t matter what model or provider you choose, the security of your business’ data in the cloud has to be your responsibility.

“Your organisation’s reputation is on the line when a data breach occurs, so it is critical to ensure in-house teams keep a close eye on your security posture and always retain control of encryption keys.”

This research was conducted by the Ponemon Institute on behalf of Thales with 3,667 IT and IT security practitioners surveyed across Australia, Brazil, France, Germany, India, Japan, the United Kingdom and the United States.

Story image
Nutanix extends storage services to its hybrid cloud platform
New features include cloud tiering for objects storage, hybrid cloud file storage, and simplified disaster recovery, all of which build on the recent launch of Nutanix Clusters.More
Story image
GlobalData: Machine learning a hot topic amongst AI influencers
As well as machine learning, big data and data science emerged as the most mentioned trends among the AI influencer discussions.More
Story image
Commvault expands features for Disaster Recovery solution
The solution, which offers disaster recovery automation through a single extensible platform, will now support orchestration to and from on-premises, Azure and AWS.More
Story image
Epsilon brings multi-cloud networking to enterprises with Aviatrix
"We are excited to partner with Aviatrix to deliver a cloud networking service beyond traditional connectivity. Epsilon Cloud Networking addresses the real challenges in enterprise networking within and across the clouds."More
Story image
Visual development tools present real opportunity for A/NZ businesses
"It's only natural for enterprises in our region to gravitate towards the dramatic benefits of using visual development tools for building cloud-native applications."More
Link image
On 10 December, find out how data centers will fare in the face of climate change
From pandemic disruption to the urgency to address climate change, data center development in Asia Pacific needs to remain resilient and sustainable. On 10 December, join this webinar to learn about viable solutions data center operators can use to overcome environmental challenges. Register now.More