Despite some progress, cloud security remains a challenge for many enterprise companies according to the recent Gemalto/Ponemon Institute Global Cloud Data Security Study. Here’s why companies are still stressed and what they can do to ease the struggle.
When it comes to most enterprise companies, “react” is the primary mode of operation when it comes to cloud security.
This is the wrong approach.
Data breaches aren’t going away. These days, customer data loss is a near certainty. Malicious attackers and security threats are evolving every day. And governments at national and state levels are rolling out more wide-sweeping legislation to put a lock on the safety of personally identifiable information. While difficult, enterprise companies must switch from a reactive mode to a preemptive mode of cloud security.
However, according to the recent Gemalto and Ponemon Institute 2018 Global Cloud Data Security Study of 3,621 IT and IT security practitioners around the world, only 46 percent of respondents actually use encryption to secure sensitive data in the cloud. And only 52 percent of organizations control the encryption keys. This is problematic since organizations without centrally secured and stored keys put their encrypted data at risk.
Regarding compliance, only 53 percent of respondents agree that their organization uses a proactive approach to managing compliance with privacy and data protection in cloud environments.
Furthermore, only 53 percent say their organization uses multi-factor authentication to ensure safe access to data in the cloud. That’s about half of all organizations in the survey. Additionally, only 46 percent of organizations say they have defined roles and accountability for protecting sensitive information in the cloud.
Add to the fact that nearly half of companies are storing customer information, including payment information, and 37 percent are storing email and employee data, it’s clear businesses worldwide are still having a difficult time protecting cloud data due to less comprehensive security practices, inability to comply to regulatory standards, and unclear responsibility.
According to the survey, shadow IT remains a major scourge for companies, too. Nearly half of the respondents say they don’t know how many or what kinds of cloud services are being used by employees within their organization. Without a way to tell where data is accessed from, or who is accessing it, the cloud environments of enterprise companies will remain a hotbed of liability unless security officers can figure out how to identify and integrate rogue apps and services or stamp them out entirely.
This requires increasing cloud security using a few methods. Companies can start by monitoring data transmitted between authorized and unauthorized devices, and control and restrict access where possible. They must also study the requirements of compliance regulations such as the General Data Protection Regulation (GDPR), which suggest encryption as the number one way to protect sensitive information either at-rest or in-motion via cloud-based email or other means.
Cloud systems are complex and difficult to manage, but for a solution to all these issues, there is eperi Gateway, a one-stop installation that offers organizations an opportunity to bypass compliance, security, and encryption key maintenance in a much more simple and streamlined way. Along with a single hub for controlling your cloud app data settings, eperi Gateway comes with out-of-the-box functionality for many cloud-based apps and services, including Microsoft Office 365 and Salesforce (it also offers customization options for each template). It also encrypts and pseudonymizes data and allows for tight ownership and management of encryption keys to ensure only authorized users gain access to sensitive data.
Though daunting, the goal to achieving greater and stronger cloud data security is within reach for enterprise companies. To find out more about how encryption can improve your organization's cybersescurity readiness, contact eperi today.
Recommended for You