It appears that some companies are finding it too risky to store personal data and sensitive information in the cloud. According to the Cloud Data Security Report 2019, 27 per cent of German companies are planning to bring their sensitive data back into their own four walls. This “unclouding” applies to several of their departments – and security is one of the main reasons for it.
Everyone can understand why they may have security concerns. In many cases, companies don’t have end-to-end control over how exactly their data is protected against unauthorized access. If they don’t manage the encryption process themselves, they have to rely on the cloud provider’s protection mechanisms in case of attack. And since the GDPR has come into effect, it’s clear that the responsibility for personal data can’t be delegated to a third party. Liability always remains with the companies themselves. That’s why most of them (70 percent) are thinking of unclouding – and starting by moving their personal data back to an on-premises solution.
This fear appears to be reflected in the results of the Cloud Data Security Report 2019. Just under 30 percent of the German respondents said they had experienced security incidents. And about 62 per cent indicated that although they process personal information, they don’t classify all their data. But that is exactly what’s important. Compliance requirements and legal regulations stipulate that credit card information, financial details and other personal data requires special protection. This is the basis for decisions concerning the appropriate protection mechanisms. That said, only a small amount of company data really needs stringent protection – up to ten percent, according to experts.
If companies tackle data protection correctly right from the outset, unclouding wouldn’t be necessary at all. Even those who process a lot of sensitive data – personal information, financial details or business secrets – can use cloud services with no problem. But there’s one condition: the data should be protected before it’s even left the company. And that’s best achieved with encryption. With an encryption solution like the eperi Gateway, companies don’t even need to worry about time-consuming installations on the server or client side, because the gateway acts as a network component. With its patented template architecture, customers can decide for themselves which data fields are encrypted, tokenized or left as plain text. That applies to completely unknown applications as well as to common ones like Office 365 and Salesforce. In this way, companies can use the eperi Gateway as a centralized control hub for all their data protection processes.