How secure is sensitive data stored in the cloud?
The Cloud Security Alliance (CSA) has released a new report entitled Sensitive Data in the Cloud, the findings of which provide deeper insight into the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud.
The survey, which was sponsored by Anjuna Security, asked respondents to share their approach to hosting sensitive data in the cloud and what they saw as security challenges and priorities for the coming year.
It was found that the vast majority of organisations (89%) host sensitive data or workloads in the cloud. Of those organisations, 67% host some sensitive data in the public cloud, and 45% host in the private cloud. With sensitive data held in these cloud environments, the findings emphasise the need to secure that data properly with measures like encryption.
Securing data in the cloud
The CSA, which is a not-for-profit organisation with a mission to widely promote best practices for ensuring cyber security in cloud computing and IT technologies, found that about 1 in 10 organisations reported not keeping sensitive data in the cloud.
When asked what was preventing them from doing so, the most common responses were regulatory requirements (23%), concerns about access controls (23%), and concerns about the security of the CSP (21%). While the sample size is too small to draw definitive conclusions from, organisations need to find methods and strategies that address their key concerns and allow them to keep pace with their counterparts.
“Increasingly, organisations are overcoming their initial apprehension around the cloud and its perceived security insufficiencies and are storing their sensitive data in public cloud environments with a growing use of Confidential Computing to protect workloads and ensure trust. In general, organisations have reservations about their own ability to protect their sensitive data in the cloud.
“By shedding light on these issues, we can find ways to address and eventually close the gap between the perceived effectiveness of cloud service providers’ (CSP) security controls and organisations' lacking confidence in their abilities to protect sensitive data in the cloud,” said Hillary Baron, Senior Technical Director for Research, Cloud Security Alliance, and a lead author of the report.
Implementing new technology to enhance security
Most organisations report that their CSP security controls are highly effective (38%) or somewhat effective (51%). However, organisations feel less confident in their own ability to protect sensitive data in the cloud, with respondents describing themselves as slightly (31%) or moderately (44%) confident.
Despite organisations’ sense of confidence in their CSPs’ security controls, they still have reservations about their ability to protect sensitive data in the cloud. Just over a third of organisations were not confident or only slightly confident about their ability to protect sensitive data in a cloud environment and another 44% reported they were only moderately confident.
It was found that over half of organisations plan to implement emerging solutions such as homomorphic encryption (59%) and confidential computing (55%) within the next 1 or 2 years. Gartner predicts privacy-enhancing computation techniques such as homomorphic encryption and/or confidential computing will be used by 60% of large organisations by 2025. This is the result of organisations’ need to process data in the public cloud and share data with multiple parties.