Enterprises found to be lacking on cloud security measures

November 12, 2014

As important as security is for IT departments within enterprises looking to move their operations into the cloud, it appears that many of them are still having a tough time with governance. The boost that cloud computing can give a business in terms of productivity and efficiency is well known, but what has kept adoption rates in check is the concerns about security – will sensitive company data be safe in the public cloud?

While business leaders have made a considerable amount of noise about their security worries, two recent studies revealed that even among seasoned users, security and governance has not been what it could or should be. One recent study by the Ponemon Institute reported that 70 percent of enterprises think that cloud security is more difficult than security for on-premise IT infrastructure.

Enterprises willingly hand over unencrypted data to under-equipped providers
A recent study by the Ponemon Institute found that even though encryption, tokenization and other cryptographic data protection measures are universally considered important, only 36 percent of enterprises are actually using these methods before uploading data into the public cloud.

This news is even more troubling when it's paired with the findings of another study. Netskope found that 70 percent of public cloud providers do not separate their tenants' data. The same study found that 21 percent of data uploaded to Business Intelligence cloud apps was stored with vendors who claimed they – not the enterprise – owned the data.

Enterprises need to be more proactive and do much more research on their cloud provider before handing their sensitive data to them, as well as encrypting the data before it is housed with everyone else's.

IT is rarely involved in enterprise cloud security
Continuing on the theme of security measures, the Ponemon study found that 44 percent of enterprise data stored in the cloud is not managed or accounted for by the IT department. The rise of the BYOD workplace coupled with a lack of policies regarding employees' deployment of cloud solutions has led to what is known as shadow IT.

Shadow IT means that untrained employees are sharing, storing and accessing company data on a variety of personal devices that are not under the IT department's security umbrella. Most companies have not adequately anticipated the problems with the BYOD workplace, forcing them to play catch up with the rest of the company.