More companies moving sensitive data to the cloud - but who's responsible?
More and more companies are transferring sensitive data to the cloud, according to the latest report from Thales e-Security and the Ponemon Institute on cloudy data encryption.
Over half (53%) of survey respondents said they were transferring such data, with a further 31% stating they were looking to push ahead in the next 12 months.
The report, one in a series of overall encryption trends, concludes that organisations, instead of not noticing the cloud security warnings, or even simply ignoring them, are aware that their security is being threatened, but are still pushing ahead with change.
35% of those polled said that moving sensitive and confidential data to the cloud has “decreased their security posture”, with 15% saying the opposite. The previous year’s survey revealed that 39% felt cloudy data transfer had weakened security, which, although hollow, is something of a victory.
Similarly, companies feel more confident in cloud service providers’ (CSP) role in protecting data. 57% of respondents either “agree” or “strongly agree” that the vendor can safeguard data, up from 41% the year before.
This leads to the inevitable question: who is ultimately responsible for the data; the end user or the CSP?
The Thales report concluded that, overall, respondents believe responsibility lies with the service provider. One in three (33%) said it was the CSP’s burden, whilst 12% said it rested with the consumer.
This is a view which may not be universally agreed upon, of course. Back in February Marie Shroff, the New Zealand Privacy Commissioner, published a document saying explicitly that cloud data was the user’s responsibility.
“If there’s a privacy breach, you’re going to be the one answering questions about what went wrong”, she wrote.
Where the report does pick up interest, however, is that responsibility differs by service. For software as a service, three in five say that the provider should be responsible, but in the case of infrastructure as a service, 43% believed responsibility lied with the user.
This is still evidently a big issue – given that a study earlier this year from Lieberman Research revealed how almost nine in 10 (88%) of IT professionals believed data in the cloud could be either lost, stolen or corrupted, companies have a pressing need to get this right.
“Staying in control of sensitive or confidential data is paramount for most organisations today, and yet our survey shows they are transferring ever more of their most valuable data assets to the cloud,” said Ponemon Institute founder Larry Ponemon in a statement.
“Respondents generally feel better informed, more confident in their cloud service providers and more positive about the impact on their security posture compared with last year,” he added.
What’s your view? Who bears ultimate responsibility for where that data goes; the CSP or the user? And does it vary by service?
- » Cloud security woes strike again – and it’s double trouble for multi-cloud users, research finds
- » The continuing rise of Kubernetes analysed: Security struggles and lifecycle learnings
- » Microsoft to acquire cloud migration tool provider Movere
- » VMworld 2019: Going big on Kubernetes, Azure availability - and a key ethical message
- » Why it continues to make sense for IT ops to move to the cloud: A guide