The State of Cloud Data Security
Published 08/22/2022
We know that the cloud is ever growing in popularity, with new organizations undergoing their digital transformations each day. However, when it comes to security, particularly the security of our most sensitive data, are organizations keeping up with the pace of cloud adoption?
To answer this question, Anjuna commissioned CSA to develop the Sensitive Data in the Cloud survey. The survey was conducted online in April 2022 and received 452 responses from IT and security professionals from organizations of various sizes and locations. The goal was to better understand the industry’s knowledge, attitudes, and opinions regarding sensitive data in the cloud. We were particularly interested in:
- Cloud use and data security issues
- Cloud data security challenges and priorities for the next year
- Approaches to hosting sensitive data and workloads in the cloud
- Familiarity with cloud and data security technologies
This blog will cover the three key findings of the survey. Make sure to check out the survey report for a much more detailed rundown of all our results and observations.
Most organizations have sensitive data in the cloud
89% of organizations host sensitive data or workloads in the cloud. Of those organizations:
- 67% host some sensitive data in the public cloud
- 45% host some sensitive data in the private cloud
It appears that many organizations have overcome any initial apprehension around the cloud and the perceived insufficiencies of its security.
On the other hand, 11% of organizations reported not keeping sensitive data in the cloud. When asked what was preventing them from doing so, the most common responses were:
- Regulatory requirements (23%)
- Concerns about access controls (23%)
- Concerns about the security of the cloud service provider (CSP) (21%)
These organizations should prioritize finding strategies that address their key concerns about the cloud, allowing them to keep pace with their counterparts.
Organizations aren’t confident in their own cloud data security abilities
Most organizations report that the security controls of their CSP are highly effective (38%) or somewhat effective (51%). However, organizations feel less confident in their own ability to protect sensitive data in the cloud, with most respondents feeling slightly (31%) or moderately (44%) confident.
Despite this low confidence, we know that 89% of organizations have sensitive data in the cloud. It’s time for these organizations to step up and address the protection of the data layer, instead of just relying on the soundness of their CSP’s security controls.
Over half of organizations plan to implement emerging data security solutions
Fortunately, while many organizations have doubts about their ability to protect sensitive data, many organizations also have plans to address this issue. Over half of organizations plan to implement emerging solutions such as homomorphic encryption (59%) and confidential computing (55%) within the next couple years.
This trend is quite notable, considering these technologies are newer and indicate a market shift. However, these estimations may be idealized or inflated due to the incorporation of these solutions in other products, as well as recent marketing by CSPs about these solutions.
Conclusion
The vast majority of organizations host sensitive data or workloads in the cloud. This can in part be attributed to organizations’ confidence in the effectiveness of the security controls offered by CSPs. Despite this confidence in cloud security and CSPs’ security controls, organizations still have reservations about their own ability to protect their sensitive data in the cloud.
This gap between the perceived effectiveness of CSP security controls and the confidence in organizations’ own abilities to protect sensitive data in the cloud could be due to the difference in security resources when comparing CSP and cloud users. We can see that organizations need to implement additional security measures beyond CSPs’ built-in security features. This is further evidenced by the clear interest in emerging security solutions such as homomorphic encryption and confidential computing.
To dive further into the results of this survey, read the full survey report here.
Related Articles:
Threat Report: BEC and VEC Attacks Continue to Surge, Outpacing Legacy Solutions
Published: 11/08/2024
Modernization Strategies for Identity and Access Management
Published: 11/04/2024
Dispelling the ‘Straight Line’ Myth of Zero Trust Transformation
Published: 11/04/2024
Zero Standing Privileges: The Essentials
Published: 11/01/2024