Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

The State of Cloud Data Security

Published 08/22/2022

Home
Industry Insights
The State of Cloud Data Security
Written by Megan Theimer, Content Program Specialist, CSA.

Sensitive Data in the Cloud survey report cover

We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption?

To answer this question, Anjuna commissioned CSA to develop the Sensitive Data in the Cloud survey. The survey was conducted online in April 2022 and received 452 responses from IT and security professionals from organizations of various sizes and locations. The goal was to better understand the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud. We were particularly interested in:

  • Cloud use and data security issues
  • Cloud data security challenges and priorities for the next year
  • Approaches to hosting sensitive data and workloads in the cloud
  • Familiarity with cloud and data security technologies

This blog will cover the three key findings of the survey. Make sure to check out the survey report for a much more detailed rundown of all our results and observations.

Most organizations have sensitive data in the cloud

89% of organizations host sensitive data or workloads in the cloud. Of those organizations:

  • 67% host some sensitive data in the public cloud
  • 45% host some sensitive data in the private cloud

It appears that many organizations have overcome any initial apprehension around the cloud and the perceived insufficiencies of its security.

On the other hand, 11% of organizations reported not keeping sensitive data in the cloud. When asked what was preventing them from doing so, the most common responses were:

  • Regulatory requirements (23%)
  • Concerns about access controls (23%)
  • Concerns about the security of the cloud service provider (CSP) (21%)

These organizations should prioritize finding strategies that address their key concerns about the cloud, allowing them to keep pace with their counterparts.

Organizations aren’t confident in their own cloud data security abilities

Most organizations report that the security controls of their CSP are highly effective (38%) or somewhat effective (51%). However, organizations feel less confident in their own ability to protect sensitive data in the cloud, with most respondents feeling slightly (31%) or moderately (44%) confident.

Despite this low confidence, we know that 89% of organizations have sensitive data in the cloud. It’s time for these organizations to step up and address the protection of the data layer, instead of just relying on the soundness of their CSP’s security controls.

Over half of organizations plan to implement emerging data security solutions

Fortunately, while many organizations have doubts about their ability to protect sensitive data, many organizations also have plans to address this issue. Over half of organizations plan to implement emerging solutions such as homomorphic encryption (59%) and confidential computing (55%) within the next couple years.

This trend is quite notable, considering these technologies are newer and indicate a market shift. However, these estimations may be idealized or inflated due to the incorporation of these solutions in other products, as well as recent marketing by CSPs about these solutions.

Conclusion

The vast majority of organizations host sensitive data or workloads in the cloud. This can in part be attributed to organizations’ confidence in the effectiveness of the security controls offered by CSPs. Despite this confidence in cloud security and CSPs’ security controls, organizations still have reservations about their own ability to protect their sensitive data in the cloud.

This gap between the perceived effectiveness of CSP security controls and the confidence in organizations’ own abilities to protect sensitive data in the cloud could be due to the difference in security resources when comparing CSP and cloud users. We can see that organizations need to implement additional security measures beyond CSPs’ built-in security features. This is further evidenced by the clear interest in emerging security solutions such as homomorphic encryption and confidential computing.

To dive further into the results of this survey, read the full survey report here.

Enhancing cloud security strategySurveysTransitioning to the cloud

Share this content on your favorite social network today!

Latest from CSA
Mark Your Calendar for Cyber Monday!
Map the Transaction Flows for Zero Trust
Advance AI Risk Management
Enhance your cloud security skills with CSA's online training options.
Related Articles:
The Lost Art of Visibility, in the World of Clouds

Published: 11/20/2024

Group-Based Permissions and IGA Shortcomings in the Cloud

Published: 11/18/2024

9 Tips to Simplify and Improve Unstructured Data Security

Published: 11/18/2024

How AI Changes End-User Experience Optimization and Can Reinvent IT

Published: 11/15/2024