Security in the cloud
There are many studies on IT security and depending on the companies behind them and their purpose, the results are always to be treated with caution. But even if the absolute figures leave room for interpretation, comparing the findings of cloud security research make for interesting reading. A recent study by the Ponemon Institute commissioned by Gemalto (2018 Global Cloud Data Security Study). delivers insights into cloud data security in America and Europe. As cloud use is a global phenomenon – major vendors offer their services worldwide – business security requirements should have become more or less generic by now. Nevertheless, the study reveals very different perceptions and degrees of maturity among businesses who use cloud services, depending on their country.
The vast majority (95 percent) of companies worldwide have introduced cloud services. On average, each of these companies uses around 27 cloud services and applications. Yet only 40 percent of data in the cloud is secured by encryption and key management solutions. For German companies, the probability of protecting confidential or sensitive data in the cloud with security measures (61 percent) is significantly higher than for American (51 percent) and Japanese (50 percent) organizations. Does this mean that not all data in the cloud needs high level of security? Given the figures, that 54 percent of cloud data are payment details, 49 percent customer data and 10 percent employee information it’s not even worth asking this question. It is reassuring that at least half of the global companies surveyed believe that payment details (54 percent) and customer data (49 percent) are endangered in the cloud.
German companies are clearly ahead with the probability of protecting confidential or sensitive data in the cloud with security measures (61 percent) almost double that of British (35 percent) Brazilian (34 percent) and Japanese (31 percent) organizations. But this is probably just a temporary phenomenon as almost all companies in the study (88 percent) believe that the new EU General Data Protection Regulation (GDPR) will require changes in cloud governance, with two out of five respondents (37 percent) expecting substantial changes. It’s unlikely that the GDPR will improve the situation. Three-quarters of respondents (75 percent) fear that managing privacy in a cloud environment is more complex than in local networks, with the largest proportion of respondents (97 percent) in France, followed by the US (87 percent) and India (83 percent).
How companies that want to correctly implement the GDPR by the cut-off date should proceed remains a mystery, especially in countries such as the USA, where the definition of data protection is fundamentally different from that in Europe. Most respondents in the survey had difficulty just identifying the cloud services they use completely and unambiguously. Only a quarter (25 percent) of IT specialists and IT security experts say they are very confident of knowing all the cloud services their company uses, with a third (31 percent) being confident. That leaves just under 50 percent who have to consult their crystal ball every morning. In Germany, only 27 percent are not confident of knowing which cloud services their company are using. At least it is some commiseration that 73 percent of companies in Germany know whether their employees are working with Dropbox, OneDrive or WeTransfer.