Welcome
About
News
Anonymous Reporting
Tools
MCA Chatter
Library
V-ID Terminal
Support
My Account

News

Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019
 
 
 

Corporate Cloud Security Concerns

 
January 17th 2018
Less than a third (32%) of global organizations believe cloud security is a shared responsibility, with a similar number (34%) claiming it’s up to the cloud provider, according to new research from Gemalto.

The security firm’s 2018 Global Cloud Data Security Study revealed a worrying lack of awareness and security controls when it comes to protecting sensitive data in public cloud environments.

UK IT practitioners do not fare well: just 35% said they’re careful about sharing sensitive info with third parties via the cloud, while only half have security policies for cloud data — versus 61% and 65% of German respondents.

Most organizations globally believe payment information (54%) is at risk in the cloud, with 49% claiming the same for customer data, but half (49%) said cloud services actually make it more difficult to protect sensitive data.

Part of the problem lies with visibility: just 43% of IT practitioners globally said they were confident they know all the cloud services running in their organization, rising to 56% in the UK. Gemalto claimed over half (53%) of corporate cloud data on average is not managed or controlled by IT.

This could spell problems, with over half (57%) of respondents claiming the cloud increases compliance risks.

That’s especially concerning given that the forthcoming GDPR lands in May. The regulation is clear that any breaches in the cloud are the responsibility of both the data controller and the processor (CSP).

Joe Pindar, Gemalto director of product strategy, told Infosecurity that organizations must take responsibility for the data they collect and store, because “it only takes one hacker to get through to cause a major issue.”

"If GDPR doesn't compel organizations to have a mindset change towards data security in the cloud and across their entire network, then I don't know what will,” he added.

“The fear of being exposed, the cost, and the reputational damage should be enough to increase business implementation of techniques such as encryption and data pseudonymisation to protect consumers.”

However, less than half of IT professionals claimed to have a policy requiring safeguards like encryption.

Of those that do use it, just 52% claimed their organization is in control of the encryption keys.

Source


Keywords