Businesses are unable to determine the threat to nearly 60% of their confidential cloud data, warns new research from Ponemon Research. Early findings from the “The State of Data Security Intelligence” study, explored how UK organisations are approaching data security, reveals that businesses are failing to identify sensitive or confidential information.
Less than half (45%) of the businesses polled have a common process in place for discovering and classifying the sensitive or confidential data on premise and only a quarter have a process in place for data in the cloud.
As the data in use by businesses grows their ability to know where sensitive or confidential data resides becomes more of a problem. The survey found organisations are relying more and more on automated solutions to help them discover sensitive or confidential data and assess the risk, with on average, 46% are using such tools for data on premise and 34% for data in the cloud.
The research also reveals that if an organisation does not know what sensitive data it has on premise, then it is highly unlikely that it will understand what it has moved to the cloud for platform or application services.
Overall, 30% of the sensitive or confidential data located in the cloud is believed to be at risk and despite respondents being more concerned about data security in the cloud than they are about data on-premise, only 32% of organisations have a common process for assessing the threats, creating a blind spot in security.
More than half (54%) of respondents admit they are not confident in their ability to proactively respond to a new threat in the cloud highlighting that data growth and proliferation from, and within, the cloud raises security and privacy risks if not carefully understood and managed.
In contrast, just less than a third (28%) of the sensitive or confidential data located on premise is deemed to be at risk and 42% of businesses have a common process for accessing the threats, with 55% claiming that they are confident in their ability to proactively respond to a new threat.
“The survey highlights that whilst organisations continue to fear cyberattacks, what really keeps them up at night is the unknown. Namely not knowing where data is and the associated risk to it,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Whilst businesses are more confident about having data on premise, the shift towards cloud computing is continuing to accelerate and organisations can’t afford to be held back by data security concerns. Instead, security practitioners need to get a handle on the classification of data so that they can feel more confident about the information that they are moving to the cloud. Regardless of whether information is held on premise or in the cloud, data governance protocols should be the same. ”