Cloud is still a pain to secure, survey shows

Cloud services are very important to businesses, everyone agrees. But if we looked at the importance of these services through the prism of the security efforts, one might think it's not really that important.

Those are the results of a new study by Gemalto and the Ponemon Institute, entitled “The 2016 Global Cloud Data Security Study,” based on a poll of more than 3,400 IT and security practitioners worldwide.

The biggest issue with protecting an organisation’s cloud efforts is shadow IT, it was said. Almost half of services are not deployed by the corporate IT department, and 47 per cent of data stored in cloud is not controlled by the IT department.

It was also said that conventional security practices do not apply here. More than half (54 per cent) said it was more difficult to protect confidential data in the cloud. Also, more customer data is being stored on cloud, and this data is considered to be most at risk.

"Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "To ensure compliance, it is important for companies to consider deploying such technologies as encryption, tokenization or other cryptographic solutions to secure sensitive data transferred and stored in the cloud."

Other problems organisations are faced with include the fact that security departments are often left in the dark when it comes to buying cloud services, and even though encryption is important, it’s not yet pervasive in the cloud.

Finally, many organisations still rely on passwords to secure user access, not using multi-factor authentication.