Out-Law News 2 min. read
26 Jun 2013, 2:06 pm
Research conducted by the Ponemon Institute on behalf of Thales e-Security has shown that 53% of businesses transfer sensitive or confidential data to the cloud.
However, only around a third of respondents said that they know what steps cloud providers take to protect their businesses' sensitive or confidential information, according to the Trends in Cloud Encryption Study.
The study showed growing confidence in cloud providers' ability to protect sensitive or confidential data, however, with 57% of respondents expressing confidence in their providers' ability to do so compared with 41% in 2011. Fewer than half of respondents (46%) had confidence in the ability of their own company to safeguard the information, but 44% said their business had the ability to safeguard sensitive and confidential data before it is transferred into the cloud.
More than a third of organisations (37%) encrypt the data temporarily as it is transferred across the network onto cloud computing service, whilst 31% said that the data is encrypted "persistently before it is transferred to the cloud provider, such that it remains encrypted within the cloud", according to the report. Under a quarter of respondents (22%) said that data encryption occurs when the information is in the cloud.
However, Richard Moulds, vice-president of strategy at Thales e-Security, said that there are some "huge downsides" to having encrypted data in the cloud, according to a report by Computer Weekly.
"One of the huge downsides of using encryption in the enterprise – assuming the cloud is insecure – is that you are very much diminishing the value you can get out the cloud,” Moulds said, according to the report. "If you want to use the cloud for data processing, data analytics, filtering, searching – you can’t do any of that if data is encrypted."
The study identified a broad mix of responsibility for the management of "encryption keys" when data is encrypted in the cloud, with 29% of respondents stating that their organisations retain that responsibility, 26% saying responsibility is shared between their company and the cloud provider, 23% outlining that the cloud provider is solely responsible with third parties responsible in a further 21% of cases.
"Encryption is the most widely proven and accepted method to secure sensitive data both within the enterprise and the cloud, but it’s no silver bullet," Moulds said in a statement. "Decisions still need to be taken over where encryption is performed and critically, who controls the keys. This is perhaps one of the reasons why new key management standards, such as the Key Management Interoperability Protocol (KMIP), have already attracted considerable interest, particularly in the context of cloud encryption."
"The ability to safely migrate sensitive applications to the cloud has the potential to deliver even more economic benefit than the more routine applications that have already taken that step," he said.
The study was based on a survey of 4,205 business and IT managers in the US, UK, Germany, France, Australia, Japan and Brazil.
