A recent report by Thales e-Security, a global provider of financial data encryption and cyber security solutions, entitled “Encryption in the cloud,” reveals that more and more organisations are transferring sensitive or confidential information to public cloud services even though more than a third expect a negative impact on security posture. In response, the use of encryption is increasing but more than half of respondents still admit their sensitive data goes unprotected when it is stored in the cloud, despite data security topping the global news agenda.
Larry Ponemon, chairman and founder, Ponemon Institute, which conducted the independent study of more than 4,000 organisations, says that there are still concerns that many organisations continue to believe that their cloud providers are solely responsible for protecting their sensitive data even though the majority of respondents claim not to know what specific security measures their cloud provider is taking.
The good news is that visibility into the security practices of cloud providers is increasing, as is the use of encryption to protect sensitive or confidential data stored in the cloud. Still, when it comes to key management there is a clear recognition of the importance of retaining ownership of encryption keys with 34 percent of respondents reporting that their own organisation is in control of encryption keys when data is encrypted in the cloud. Only 18 percent of respondents report that the cloud provider has full control over keys. The need to share keys between organisations and the cloud highlights the growing interest in key management standards – in particular OASIS Key Management Interoperability Protocol (KMIP) – where 54 percent of respondents identify cloud based applications and storage encryption as the area to be most impacted by the adoption of the KMIP standard.