New report shows finance sector becoming more comfortable with cloud adoption
Analysing cloud adoption across industry verticals, the banking and financial industry is as good a yardstick as any to assess progress due to its stringent data security requirements. A new report from CipherCloud shows financial firms have an increased confidence in cloud technologies; 100% of respondents said they put certain personally identifiable information (PII) in the cloud.
This does not extend to all PII however – only one in three respondents said they use the cloud to store particularly sensitive data, such as social security numbers, birth dates and tax IDs. Yet there is a clear trend from financial firms to improve security as the sensitivity of data increases. 40% of organisations polled say that for the most sensitive information, they use tokenisation and strong encryption.
One of the more interesting facets of the report related around how companies classify their data. CipherCloud asked respondents to put their data in four categories; highly sensitive PII; regular PII; personal finance data; and business sensitive data. Intriguingly, a piece of ‘highly sensitive’ data at one company can be relegated to standard ‘regular PII’ at another. The most extreme example is ‘Name’ – some banking firms, perhaps more associated with private banking or high net worth customers, see this as highly sensitive information.
The report also examined the differences over businesses using encryption or tokenisation to protect data. For business sensitive data, the response was a clear 100% for encryption. 15% of finance organisations use tokenisation for personal finance data and 13% for regular PII.
“It’s not surprising to see that encryption is the predominant choice for those seeking to protect business-sensitive data,” the report notes. “As this category of data is typically non-critical, few are utilising heavyweight tokenisation to protect business sensitive data.”
The report also examined the protection techniques companies utilised for structured PII fields; for email addresses, 91% of those polled used format-preserving encryption, while that number dropped to 82% for phone numbers. The other respondents favoured tokenisation (9% email) or length-restricting encryption (18% phone).
- » Organisations struggling with sensitive cloud data as they shun security-first approach
- » Moving from DevOps to modern ops: Why there is no room for silos when it comes to cloud security
- » How companies can tell good cloud sprawl from bad: A guide
- » Overused but misunderstood: Unlocking clarity and confidence in the cloud
- » Puppet’s 2019 State of DevOps report: How security needs to fit into continuous delivery