UK companies are falling behind the rest of Europe when it comes to securing data on cloud services, a new report has revealed.
The report from Gemalto, entitled “2018 Global Cloud Data Security Study”, says the vast majority of global companies have adopted cloud services (95 per cent), but not all treat security the same.
Companies in Germany, for example (61 per cent) are more cautious than those in the UK (35 per cent) when it comes to sharing sensitive and confidential data stored on the cloud.
Germany is leading the charge thanks to the application of controls like encryption or tokenisation.
Gemalto is also saying that more than three quarters of organisations, globally, understand the importance of securing their cloud-stored data through encryption and similar solutions. The company expects this number to rise to 91 per cent over the next two years.
Still, global organisations are wary. Half are saying payment info and customer data are at risk, when stored in the cloud. More than half think using cloud makes them risk failing to comply with various regulations.
With that in mind, almost nine in ten (88 per cent) think GDPR will force them to change cloud governance, with 37 per cent expecting ‘significant change’.
“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere,” said Jason Hart, CTO, data protection at Gemalto. “This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true.
“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved.”
Image source: Shutterstock/Omelchenko