How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

The Cloud Security Alliance (CSA) has released a new report entitled Sensitive Data in the Cloud, the findings of which provide deeper insight into the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud.

The survey, which was sponsored by Anjuna Security, asked respondents to share their approach to hosting sensitive data in the cloud and what they saw as security challenges and priorities for the coming year.

It was found that the vast majority of organisations (89%) host sensitive data or workloads in the cloud. Of those organisations, 67% host some sensitive data in the public cloud, and 45% host in the private cloud. With such sensitive data in these cloud environments, it emphasises the need for proper security of this data with measures like encryption.  

Securing data in the cloud

The CSA, which is a not-for-profit organisation with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies, found that about 1 in 10 organisations reported not keeping sensitive data in the cloud. 

When asked what was preventing them from doing so, the most common responses were regulatory requirements (23%), concerns about access controls (23%), and concerns about the security of the CSP (21%). While the sample size is too small to draw definitive conclusions from, organisations need to find methods and strategies that address their key concerns and allow them to keep pace with their counterparts.

“Increasingly, organisations are overcoming their initial apprehension around the cloud and its perceived security insufficiencies and are storing their sensitive data in public cloud environments with a growing use of Confidential Computing to protect workloads and ensure trust. In general, organisations have reservations about their own ability to protect their sensitive data in the cloud. 

“By shedding light on these issues, we can find ways to address and eventually close the gap between the perceived effectiveness of cloud service providers’ (CSP) security controls and organisations' lacking confidence in their abilities to protect sensitive data in the cloud,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.

Implementing new technology to enhance security 

Most organisations report that their CSP security controls are highly effective (38%) or somewhat effective (51%). However, organisations feel less confident in their own ability to protect sensitive data in the cloud, slightly (31%) or moderately (44%) confident. 

Despite organisations’ sense of confidence in their CSPs’ security controls, they still have reservations about their ability to protect sensitive data in the cloud. Just over a third of organisations were not confident or only slightly confident about their ability to protect sensitive data in a cloud environment and another 44% reported they were only moderately confident. 

It was found that over half of organisations plan to implement emerging solutions such as homomorphic encryption (59%), and confidential computing (55%) within the next 1 or 2 years. Gartner predicts privacy-enhancing computation techniques such as homomorphic encryption and/or confidential computing will be used by 60% of large organisations by 2025. This is the result of organisations’ need to process data in the public cloud and share data with multiple parties.


Featured Articles

Barracuda: Why Businesses Struggle to Manage Cyber Risk

Barracuda Networks CIO report shows that six in 10 businesses struggle to manage cyber risk, with issues such as policy struggles and management buy-in

Evri, Amazon and Paypal Among Brands Most Used by Scammers

With the development of AI, cybercriminals are becoming more and more sophisticated in their attacks, using fake websites and impersonating popular brands

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Technology & AI

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Cyber Security

Speaker Lineup Announced for Tech Show London 2024

Technology & AI