85% of IT Pros Concerned about Data Security in the Cloud
A study conducted by HP Security Voltage, a leading provider of data-centric security, confirms that a high percentage of IT security professionals fear hosting data in the cloud.
The survey asked over 300 IT professionals attending this year’s Infosecurity Europe (in London) about their data collection and storage habits. It found that an overwhelming 85% of IT professionals voiced concerns that sensitive information could be compromised in cloud-based applications.
“This statistic is alarming, as these results show a growing trend of the concern around the lack of security in cloud-based applications,” said Andy Heather, VP EMEA at HP Security Voltage. “Organizations that host sensitive data in the cloud need to realize that there is a shared responsibility when it comes to protecting that data. This means not just accepting that it’s vulnerable, but doing something about it to allay these fears. Businesses need to investigate exactly what level of security their cloud provider offers, make sure it is comprehensive, and ensure that their applications and customer data is not at risk.”
The survey also queried whether IT security professionals gather sensitive data, with 91% saying that their business does, in one way or another. Respondents confirmed it was a variety of data collected, including PCI (payment card information) and/or PII (personally identifiable information). When asked how they were gathering that data, 74% said they use a web browser, 27% gather via a credit card swipe and 23% using a mobile device (more than one answer could be selected).
“Any sensitive information, including financials, customer and employee data or intellectual property needs to be protected across the entire lifecycle of that data. Any loss or exposure of that data can result in compliance or regulatory fines, loss of brand and reputation,” said Heather.
When it comes to protecting that sensitive data, just under half of these experts revealed they were using a proven data-centric approach to data protection citing both encryption and tokenization. This breaks down to 55% saying that they use only encryption and a mere 3% revealing that they rely purely on tokenization. Fortunately, only five people in total – 2% of those surveyed – said that they do not use any steps to protect sensitive data.
“Data-centric security techniques permit this fine-grained protection of sensitive information, which means the protection stays with the data wherever it goes, even if it is intercepted, because it is encrypted at the source. This puts the company in control of the privacy over its data assets, while ensuring it can stay compliant with privacy regulations and keeps the business running smoothly,” concludes Heather