Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

The State of Cloud Data Security

Published 08/22/2022

The State of Cloud Data Security
Written by Megan Theimer, Content Program Specialist, CSA.

Sensitive Data in the Cloud survey report cover

We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption?

To answer this question, Anjuna commissioned CSA to develop the Sensitive Data in the Cloud survey. The survey was conducted online in April 2022 and received 452 responses from IT and security professionals from organizations of various sizes and locations. The goal was to better understand the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud. We were particularly interested in:

  • Cloud use and data security issues
  • Cloud data security challenges and priorities for the next year
  • Approaches to hosting sensitive data and workloads in the cloud
  • Familiarity with cloud and data security technologies

This blog will cover the three key findings of the survey. Make sure to check out the survey report for a much more detailed rundown of all our results and observations.

Most organizations have sensitive data in the cloud

89% of organizations host sensitive data or workloads in the cloud. Of those organizations:

  • 67% host some sensitive data in the public cloud
  • 45% host some sensitive data in the private cloud

It appears that many organizations have overcome any initial apprehension around the cloud and the perceived insufficiencies of its security.

On the other hand, 11% of organizations reported not keeping sensitive data in the cloud. When asked what was preventing them from doing so, the most common responses were:

  • Regulatory requirements (23%)
  • Concerns about access controls (23%)
  • Concerns about the security of the cloud service provider (CSP) (21%)

These organizations should prioritize finding strategies that address their key concerns about the cloud, allowing them to keep pace with their counterparts.

Organizations aren’t confident in their own cloud data security abilities

Most organizations report that the security controls of their CSP are highly effective (38%) or somewhat effective (51%). However, organizations feel less confident in their own ability to protect sensitive data in the cloud, with most respondents feeling slightly (31%) or moderately (44%) confident.

Despite this low confidence, we know that 89% of organizations have sensitive data in the cloud. It’s time for these organizations to step up and address the protection of the data layer, instead of just relying on the soundness of their CSP’s security controls.

Over half of organizations plan to implement emerging data security solutions

Fortunately, while many organizations have doubts about their ability to protect sensitive data, many organizations also have plans to address this issue. Over half of organizations plan to implement emerging solutions such as homomorphic encryption (59%) and confidential computing (55%) within the next couple years.

This trend is quite notable, considering these technologies are newer and indicate a market shift. However, these estimations may be idealized or inflated due to the incorporation of these solutions in other products, as well as recent marketing by CSPs about these solutions.

Conclusion

The vast majority of organizations host sensitive data or workloads in the cloud. This can in part be attributed to organizations’ confidence in the effectiveness of the security controls offered by CSPs. Despite this confidence in cloud security and CSPs’ security controls, organizations still have reservations about their own ability to protect their sensitive data in the cloud.

This gap between the perceived effectiveness of CSP security controls and the confidence in organizations’ own abilities to protect sensitive data in the cloud could be due to the difference in security resources when comparing CSP and cloud users. We can see that organizations need to implement additional security measures beyond CSPs’ built-in security features. This is further evidenced by the clear interest in emerging security solutions such as homomorphic encryption and confidential computing.

To dive further into the results of this survey, read the full survey report here.

Share this content on your favorite social network today!