How Cloud Customers Are Securing Their Data

Securing The Cloud

CipherCloud recently released its first Global Cloud Data Security Report.

The cloud security vendor, headquartered in San Jose, Calif., asked its customers around the world -- with 65 percent of respondents from North America -- what was driving their cloud adoption, what barriers were holding it back, and how they were protecting their data in the cloud.

The study provides insights into how organizations of different sizes and verticals, predominantly health care, banking and finance, telecommunications and government, are going about data security in the cloud.

Most of the respondents were mature cloud users, but a small percentage were just getting started on their cloud journeys.

A Fundamental Transformation

"Cloud computing is fundamentally transforming the way organizations deliver IT functions. Faster time to market, reduced capital expenditure costs, and on-demand flexible scaling are just a few of the benefits of adopting cloud," the CipherCloud report states.

At the same time, CipherCloud learned from the survey that it wasn't technological challenges, but regulatory hurdles, that were holding back enterprises.

Compelling Events

Almost half of cloud adoption projects cited by respondents were triggered by the desire to introduce new cloud tools and services.

Those tools and services were diverse -- everything from mortgage application portals to medical file portals to self-service portals for government services.

"These upgrades provide a uniform interface to maintain a consistent customer experience," the report states.

Information Collaboration

Of the compelling events driving adoption, another 22 percent of respondents adopted the cloud to replace legacy enterprise applications; 11 percent said they were looking for help in information collaboration, 8 percent were looking for a consolidated data view; and 4 percent wanted to consolidate data centers.

Those reasons, CipherCloud noted, all focus on improving traditional methods of information collaboration.

Infrastructure costs accounted for the final 8 percent of respondent migrations.

Adoption By Industry

Eight-eight percent of CipherCloud customers responding to the survey came from only four industries: health care and pharmaceuticals, 38 percent; banking and finance, 25 percent; telecommunications, 16 percent; government, 9 percent.

While adoption is becoming pervasive across industries, government and self-imposed regulations across those four industries make them even more likely to adopt data-protection strategies for their cloud environments.

Two Mature Industries

Across global deployments, financial services and health care companies have the most complex data-protection requirements. Those two industries also can boast the most mature strategies.

The highest percentage of users implementing cloud security measures were in the health care and pharmaceuticals industries, which must adhere to Protected Health Information and other privacy policies imposed by regional and local governments.

"The banking and finance, telecommunications, and government sectors also recognize that traditional security measures, such as perimeter defenses, are not sufficient in meeting the increasing number of cloud security threats and regulations," the report states.

Security Challenges

The fundamental challenges in securing data in the cloud "are not limited to technology but also extend to legal, financial and political influences," according to CipherCloud.

CipherCloud's users reported that regulatory compliance requirements, such as data residency and information security standards, were their main obstacle.

Almost two-thirds of respondents said their top challenge with adopting a cloud solution came from the combination of audit, compliance and privacy. Another 32 percent said it was unprotected data for documents.

Only 2 percent cited malware protection for documents, and another 2 percent the lack of secure collaboration and file-sharing methods as their top challenges in adopting the cloud.

Regulatory Challenges

CipherCloud inquired deeper into their customers' concerns about audit, compliance and privacy.

Fifty-eight percent said they were concerned with violating data protection laws in their country, 31 percent were more worried about adherence to internal security policies and the final 11 percent were concerned with adhering to data residency regulations.

"Several organizations are proactively instituting self-imposed data security regulations for any cloud-based application," the report notes, adding those internal regulations extend existing security policies and best practices within the enterprise.

"The primary concern associated with self-regulation is the lack of data classification standards," according to CipherCloud.

Enterprise Requirements

Both adoption benefits and security challenges compel organizations to investigate potential solutions for mitigating risks to data in the cloud.

"New solutions that provide cloud data protection methods while maintaining operational functionality are key components for adopting a cloud strategy," the CipherCloud report states.

Respondents prioritized their protection requirements:

Forty-nine percent cited data encryption, 20 percent said enterprise infrastructure integration and 14 percent cloud eco-system integration (both workflow requirements necessary for security deployments) and 9 percent said data tokenization.

Rounding out the final 8 percent was data threat protection, data loss protection and data integrity monitoring.

Data Classification Requirements

The need to protect data and prioritize use-cases requires organizations to assess two data classification methods: encryption or tokenization.

"Both methods have their unique value proposition, however, application functionality and associated workflows are the deciding factor in selecting a method," the report states.

To Encrypt Or Tokenize

Worldwide, 81 percent of users protect their data with encryption, and the remaining 19 percent use tokenization.

In North America, the ratio skews even higher toward encryption, with an 85 to 15 percent split.

"North American organizations predominantly utilize encryption methods due to function preservation and the ability to search, sort and filter their data," the report states.

Regulatory requirements regarding data residency in the Asia-Pacific region account for the division between encryption and tokenization being 50-50. The Latin American businesses surveyed all used encryption.

Conclusions

CipherCloud's inaugural data security survey reached three fundamental conclusions:

- Cloud security data protection challenges are resolvable.

- Customers have successfully secured their cloud data.

- Customers have access to industry best practices.

"As organizations continue to evolve their cloud adoption strategy, they are leveraging industry best practices and mapping them to the applicable use case. These mappings are ensuring the appropriate level of data protection is in place and that cloud adoption is accomplished successfully," the report concluded.