Since cloud computing became a big-time buzz word a few years ago, many surveys have asked IT pros, finance executives and other leaders about their thoughts on the Cloud and their companies’ plans for using the technology.
Most of those polls tell a similar story: Organizations are embracing cloud computing because of the opportunities to cut costs and increase flexibility, but some significant concerns about cloud security remain.
However, those concerns haven’t derailed many plans to use the Cloud for sensitive applications, as 49% of organizations say they transfer sensitive or confidential data to external cloud computing services, according to a recent Ponemon Institute study. Another 33% say they’re likely to do so within the next two years.
What impact has that had on the security of that sensitive data? Among the 4,140 business and IT managers surveyed, nearly half said their security has not gotten better or worse because of cloud computing. Just 10% say the Cloud has improved security, and 39% say information is less secure in the Cloud than it was before.
While many aspects of cloud security are out of the organization’s hands, there are many things IT can do that determine how safe data is when it’s held by a cloud computing provider. The Ponemon report reveals three common mistakes IT departments make that put data at risk in the Cloud:
1. Not encrypting sensitive data at all stages
Encrypting data is one of the keys to protecting sensitive information in the Cloud. And it’s important to encrypt data while it’s stored by a cloud computing service, as well as when it’s being transferred between the company and the cloud provider.
However, while 38% of organizations encrypt data during the transfer and 35% do so before it’s transferred, 16% said they encrypt data within the cloud environment, and 11% rely on the provider to encrypt the data once it’s there.
2. Trusting the vendor to handle cloud security
When asked who is responsible for keeping data secure in the Cloud, 44% said that was primarily the job of the cloud computing vendor, while 30% said the cloud customer has primary responsibility. Just 24% said the provider and costumer have a shared responsibility for cloud security.
But while providers certainly must do their part to protect data, companies must also take security precautions of their own, including encrypting data while it’s transferred and managing which users have access to cloud service accounts.
3. Skipping due diligence when choosing vendors
Even though the greatest number of organizations say the vendor is primarily responsible for handling cloud security, 63% of respondents admitted that they don’t know what cloud vendors are doing to protect the sensitive data entrusted to them.
Organizations should never sign up for a cloud computing service without first researching vendor’s security policies and practices. For a list of questions to ask to help prevent cloud security risks and other problems, read our 21-point checklist for choosing a cloud computing service.