28% of organisations using public cloud are not encrypting data stored there, according to a survey released by the US IT company HyTrust.[1]
The cloud adoption survey interviewed more than 400 executives across different industries attending the VMworld conference, a global cloud computing conference. The most staggering finding was that while 46% listed their greatest concern as security, 28% of those deploying data, applications and workloads on public clouds were doing nothing to encrypt data.
This survey follows release of the 2016 Gemalto and Ponemon Institute Study, which found that only a third of ‘sensitive’ data stored in cloud-based applications is encrypted. The 2016 Global Cloud Data Security Study, which surveyed more than 3,400 IT and IT security practitioners worldwide earlier this year, also discovered over half of companies do not have a proactive approach for compliance with privacy and security regulations for data in cloud environments.
Clearly there is work to be done. Organisations need more information about how to safely and securely use cloud services while complying with the law. However, regulations are increasingly putting the onus back on the companies themselves. The new realities of cloud mean that organisations need to set comprehensive policies for data governance, compliance and encryption.
[1] HyTrust cloud adoption survey, August 2016 https://www.entrust.com/?submissionGuid=4eb746c3-dfe2-42ef-92bc-293431f17f46