New Research Reveals Significant Anxiety about Cloud Security, Yet Persistent Data Protection Gaps Remain
CipherCloud and Osterman Research Survey Finds Alarming Misconceptions About Cloud Encryption
SAN JOSE, CALIF. – October 12, 2016 – CipherCloud a leader in cloud security and governance, and Osterman Research today released a new report that shows businesses have a high level of concern about the exposure of sensitive and regulated data in the cloud to security threats. Yet despite this, the majority of data owners outsource responsibility for data protection, even though they still bear full legal liability if there is a breach. The survey also revealed that encryption is not well understood, with misconceptions about where encryption takes place, who manages the keys, and which parties can decrypt sensitive data.
Key findings from the Enterprise Cloud Data Protection Report include:
- Enterprises are worried about cloud data protection and threats to SaaS applications. More than 70 percent of respondents are concerned about data breaches, threats to the application layer, and system vulnerabilities.
- Despite these concerns, organizations have significant data protection gaps. While encryption is frequently cited as a critical component for data protection, only 37 percent reported encrypting data persistently while in use in the cloud. This represents a disconnect with concerns about protecting data while in use in the SaaS application layer.
- Survey respondents are not comfortable with outsiders being able to decrypt data, yet keys are largely shared. The majority of respondents expressed discomfort with third parties being able to decrypt corporate data—53% said they would not be comfortable with government agencies decrypting their data, for example. At the same time, 75 percent of respondents rely on keys managed by cloud providers, third-parties, or shared with either.
- Data owners rely on others for security, while still bearing legal responsibility if their data is breached. Only 32 percent of respondents believe that data owners are responsible for protecting confidential data. Yet, a growing number of compliance regulations make data owners bear the ultimate responsibility if there is a breach.
“These research findings should serve as a wake-up call to data owners who are worried about cloud security, yet continue to outsource responsibility for data protection to their IT teams or cloud providers,” said Willy Leichter, vice president, marketing for CipherCloud. “A new approach is needed for multi-cloud security that includes encrypting data in use. Only then can organizations feel confident their sensitive data is protected.”
“As cloud adoption continues to grow, so does the amount of sensitive and regulated data going into the cloud. This survey uncovers significant data protection gaps and misconceptions around encryption usage that are putting that sensitive data at risk,” said Michael Osterman, president of Osterman Research. “Organizations that operate multiple cloud applications—particularly those in heavily regulated industries—must identify multi-cloud security solutions that can help them close their data protection gaps.”
The report is based on an Osterman Research survey of professionals responsible for managing cloud security-related issues and protecting sensitive or confidential data in organizations that use SaaS applications for critical business functions. The organizations surveyed covered a wide range of industries and the mean number of employees at the organizations surveyed was 20,962.
CipherCloud, a leader in cloud security and governance, enables companies to adopt the cloud while delivering advanced data protection, compliance and control. CipherCloud delivers a comprehensive multi-cloud security platform that integrates advanced data protection, content control, monitoring, cloud discovery and risk analysis. The largest financial services, insurance, healthcare, telecommunication and government organizations across more than 25 countries have put their trust in CipherCloud.
CipherCloud was named by KuppingerCole as the Overall Leader in the CASB market and was named Cloud Computing Security Product of the Year by SC Magazine. CipherCloud has received investments from premier venture capital firms Andreessen Horowitz, Transamerica Ventures, Delta Partners and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter – Follow @ciphercloud