Businesses are deciding in increasing numbers to move their sensitive data to the cloud, despite a belief among many that their security posture is being reduced, according to a survey released this week.
And, this desire by organizations to transfer sensitive data to the cloud represents a significant opportunity for cloud providers to win business, according to security experts.
The survey, "Encryption in the Cloud," was carried out by the Ponemon Institute and commissioned by data security company Thales e-Security.
The survey of 1,140 business and IT managers found that 49 percent of respondents said their organizations have moved sensitive data to a cloud environment, with 33 percent planning to transfer such data to the cloud in the next two years.
However, a significant portion of the respondents said their data was less secure with the transfer, and that they were unsure who was protecting it.
In addition, 39 percent of the organizations said their security posture was reduced by moving to the cloud, while 44 percent said their security posture was unchanged.
The survey found that 44 percent of organizations believed a cloud provider was responsible for protecting the data, while 30 percent thought the cloud customer was responsible.
Sixty-three percent of organizations said they didn't know what steps cloud providers were taking to secure sensitive date.
The survey also said that companies with strong security characteristic appeared more likely to move data to the cloud. "In other words, companies that underrated security appear to be willing and able to take advantage of the cloud," the report said.
Larry Ponemon, the chairman and founder of the Ponemon Institute, said he found it "sobering" that 49 percent of organizations already move sensitive data to the cloud, while 39 percent said their security posture has been reduced by such a move, a sign that economic benefits for companies outweigh security concerns.
"What is perhaps most surprising is that nearly two thirds of those that move sensitive data to the cloud regard their service providers as being primarily responsible for protecting that data, even though a similar number have little or no knowledge about what measures their providers have put in place to protect data," Ponemon said in a statement. "This represents an enormous opportunity for cloud providers to articulate what they are doing to secure data in the cloud and differentiate themselves from the competition.”
Ponemon could not be reached for comment Thursday.
Managed services providers can gain trust, and business, from companies by explaining their cloud security policies and outlining how they offer protection, Von Williams, director of information security for Logicalis, a Farmington Hills, Mich.-based cloud managed services provider, said in an interview with CRN Thursday.
Williams said perceptions by businesses that security posture may be weakened by moving to the cloud can be dispelled by meetings beforehand with cloud providers such as Logicalis.
He said Logicalis provides a detailed security framework to its customers and backs it up with extensive security policies.
"My advice for people looking at the cloud is [to] make sure you bring the right people with technical expertise to outline their needs," Williams said.
PUBLISHED AUG. 9, 2012