Survey: About half of organizations use cloud-based services for sensitive data

By , Network World |  Security

About half of the information technology and security professionals asked whether they use external cloud-based services for sensitive or confidential data said they did -- but their approaches to encrypting data in the cloud vary widely, according to the findings of the survey published today.

The "Encryption in the Cloud" survey done by Ponemon Institute sought the opinions of more than 4,000 IT professionals in seven countries, including the U.S. About 38% of the respondents said their organizations rely on encryption of data as it's transferred, typically over the Internet, to the cloud. Another 35% said their organizations encrypt data before it's transmitted to the cloud provider so that it remains encrypted within the cloud. 27% answered their organizations perform encryption within the cloud environment, with 16% of those selectively encrypting at the application layer, and 11% letting the cloud provider encrypt stored data as a service.

MORE: Amazon opens up about its cloud security practices, joins CSA registry

The survey, sponsored by Thales e-Security, included the U.S., United Kingdom, Germany, France, Australia, Japan and Brazil.

When it comes to the question of managing encryption keys when sensitive or confidential data is transferred to the cloud, 36% of the survey respondents say their organization is responsible for managing the keys. 22% say the cloud provider is the one most responsible for encryption key management. Another 22% say an independent third party in the role of a service provider is most responsible for the key management.

"Even in cases where encryption is performed outside the cloud, more than half of respondents hand over the keys," the survey report says.

The trend to transfer sensitive or confidential data to cloud environments seems to be a growing trend, according to the survey, with another one-third of the survey's respondents saying they, too, are likely to transfer sensitive or confidential data to the cloud over the next two years.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question