Nearly half of organisations ignore encryption in cloud data transfers

Report finds that organisations keep encryption a low priority despite storing sensitive data in cloud

Just over half (56 per cent) of firms are transferring data to the cloud without worrying about its security.

According to the 2016 Global Encryption and Key Management Trends Study, over half of firms worldwide are already transferring transfer sensitive or confidential data to the cloud whether or not it is encrypted or made unreadable via some other mechanism such as tokenisation or data masking. Another 28 per cent of respondents expect to do so in the next one to two years.

The study, carried out by the Poneman Institute and commissioned by Thales, found that 44 per cent of organisations encrypt data stored in the cloud, but 39 per cent said they have no plans to make this data unreadable. The report said that 52 per cent of respondents believed the most prominent threat to sensitive or confidential data was employee mistakes.

Support for both cloud and on-premise deployment was rated the most important consideration when deploying encryption solutions while employee and HR data is the most commonly encrypted data – higher even than payment data, intellectual property or financial records – indicating a higher sensitivity to protecting personal information.

The survey of more than 5,000 business and IT managers found that for 61 per cent of respondents, compliance was the main drive of encryption. About 50 per cent mentioned protecting enterprise intellectual property as the main driver while 49 per cent said the main drive for encryption was protecting information against specific, identified threats.

Peter Galvin, Vice President of strategy at Thales e-Security, said: “As businesses increasingly turn to cloud services, we’re seeing a rapid rise in sensitive or confidential data being transferred to the cloud and yet only a third of respondents had an overall, consistently applied encryption strategy.

“Encryption is now widely accepted as best-practice for protecting data, and a good encryption strategy depends on well-implemented encryption and proper key management.”