Companies trust cloud providers too much, report says

While the use of cloud computing for sensitive data and applications is growing, many companies are still trusting providers to protect information without verifying their security practices. 

That’s the message in a recent study from the Ponemon Institute.

The good news: Cloud computing providers are getting better at protecting data — or at least, organizations are starting to trust providers more. Among the 4,200 business and IT managers surveyed, 57% of respondents said cloud providers were capable of keeping information secure, up from 41% last year.

The result: More than half of companies (53%) are putting sensitive data in the hands of cloud providers, and another 31% will do so in the next year or two

However, according to 35% of survey respondents, putting that data in the cloud leaves their organizations more open to security risks.

Many companies (41%) view security as the responsibility of the cloud provider. In comparison, 29% said security is the user’s job, while 22% said there’s a shared responsibility.

Despite that, many organizations have no idea what — if any — steps their cloud providers are taking to protect data. Just 35% of companies in the US said they’re aware of their vendors’ security practices. That’s up just slightly from 32% last year.

Make sure data’s encrypted

To protect data, companies should be keeping a closer eye on cloud providers’ security practices. One of the most important things to look for: encryption.

As with many other situations, encryption is an important tool that should be used to protect information when it’s stored in the cloud. However, the Ponemon report shows that while encryption is commonly used when businesses put sensitive data in the hands of a cloud computing provider, methods for encrypting that data vary.

Most experts recommend encrypting data at all stages of the process, including while it’s being transferred to and from the cloud and while it’s at rest on the provider’s servers. However, just 31% of organizations use that end-to-end encryption.

For the rest of companies, 37% encrypt data as it’s being transferred, while 11% encrypt it while it’s stored in the cloud, and another 11% say the provider encrypts the data while it’s stored.