Ponemon study: trends with transferring data to the cloud

A new report from Ponemon Institute has shown that 82% of companies have already transferred, or plan to transfer confidential data into the cloud.

The report, entitled ‘Encryption in the Cloud’ and sponsored by security experts Thales, aims to examine current trends and perceptions with storing sensitive information in the cloud.

Broken down, the survey of over 4000 IT professionals across five continents revealed that 49% of respondents had already overseen a transfer of data to the cloud; 33% were “likely over the next 24 months” to migrate; and 19% replied that they didn’t have any plans to move.

Similarly, there is an intriguing balance with regard to liability for secure confidential data in the cloud.

According to the survey, more IT professionals believed that it was the job of the cloud provider (44%) than the consumer (30%) for liability, but could it be argued that these numbers are closer than one would presume?

The report was particularly keen to notice trends in different countries, with France the most likely to entrust responsibility to the cloud provider and Japan the likeliest to apportion the authority to the consumer.

However one of the most worrying trends relates to the aspect of security compromise.

39% of those surveyed believed that cloud adoption has weakened their data security, with only 10% claiming their security had increased due to moving to the cloud. 44% of respondents were ambivalent.

Perhaps even more alarmingly, 63% of those surveyed said they were unaware of what measures cloud providers were taking in protecting their data.

According to Larry Ponemon, chairman of Ponemon Institute, the results show that for the majority of customers, the economic benefits of the cloud outweigh the security concerns.

“What is perhaps most surprising is that nearly two thirds of those that move sensitive data to the cloud regard their service providers as being primarily responsible for protecting that data,” he continued, adding, “even though a similar number have little or no knowledge about what measures their providers have put in place to protect data”.

Despite a promising number of companies looking to trust their confidential data in the cloud, is it a case of ostriches with their heads in the sand in terms of how it’s being protected? Share your view in the comments...

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.

12 Aug 2012, 2:27 p.m.

Not all Clouds are made equal and it is fair for customers to question cloud providers of the data security and sovereignty that will effect their own data.

Customers need to understand what questions to ask! Not just where is your data centre, but where is the secondary data centre, confirm your data will actually be on these centres, where are backups held, who has access to the data, what contractual terms are in place around customer data, how easy is it to extract all customer data from the service and can it be instigated yourself and at no cost (and how often?).

For core cloud providers these questions will be no issue and the answers you get will be clear, understandable and give you confidence and security. Not all will be able to answer these however with clarity or answers you will want to hear!

Ian Moyse