How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

The Cloud Security Alliance (CSA) has released a new report entitled Sensitive Data in the Cloud, the findings of which provide deeper insight into the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud.

The survey, which was sponsored by Anjuna Security, asked respondents to share their approach to hosting sensitive data in the cloud and what they saw as security challenges and priorities for the coming year.

It was found that the vast majority of organisations (89%) host sensitive data or workloads in the cloud. Of those organisations, 67% host some sensitive data in the public cloud, and 45% host in the private cloud. With such sensitive data in these cloud environments, it emphasises the need for proper security of this data with measures like encryption.  

Securing data in the cloud

The CSA, which is a not-for-profit organisation with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies, found that about 1 in 10 organisations reported not keeping sensitive data in the cloud. 

When asked what was preventing them from doing so, the most common responses were regulatory requirements (23%), concerns about access controls (23%), and concerns about the security of the CSP (21%). While the sample size is too small to draw definitive conclusions from, organisations need to find methods and strategies that address their key concerns and allow them to keep pace with their counterparts.

“Increasingly, organisations are overcoming their initial apprehension around the cloud and its perceived security insufficiencies and are storing their sensitive data in public cloud environments with a growing use of Confidential Computing to protect workloads and ensure trust. In general, organisations have reservations about their own ability to protect their sensitive data in the cloud. 

“By shedding light on these issues, we can find ways to address and eventually close the gap between the perceived effectiveness of cloud service providers’ (CSP) security controls and organisations' lacking confidence in their abilities to protect sensitive data in the cloud,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.

Implementing new technology to enhance security 

Most organisations report that their CSP security controls are highly effective (38%) or somewhat effective (51%). However, organisations feel less confident in their own ability to protect sensitive data in the cloud, slightly (31%) or moderately (44%) confident. 

Despite organisations’ sense of confidence in their CSPs’ security controls, they still have reservations about their ability to protect sensitive data in the cloud. Just over a third of organisations were not confident or only slightly confident about their ability to protect sensitive data in a cloud environment and another 44% reported they were only moderately confident. 

It was found that over half of organisations plan to implement emerging solutions such as homomorphic encryption (59%), and confidential computing (55%) within the next 1 or 2 years. Gartner predicts privacy-enhancing computation techniques such as homomorphic encryption and/or confidential computing will be used by 60% of large organisations by 2025. This is the result of organisations’ need to process data in the public cloud and share data with multiple parties.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security