The Q2 2015 Global Cloud Data Security Report from CipherCloud looks at how financial services firms are using and protecting their data in the cloud, and it seems like the financial services industry is actively embracing the cloud.
The study looked across the CipherCloud user base of over 50 major global banking and financial services and found that financial services firms are aggressively using cloud and proactively securing data in cloud environments:
Nearly 100% of the firms in the study put personal identifiable data, such as names, addresses, phone numbers, in the cloud. A third (33%) use the cloud to store highly sensitive PIIs (Personal Identifiable Information) such as social security numbers, birth dates, tax IDs, etc. Nearly half (47%) use the cloud to process personal finance data, and the majority (53%) has business confidential data in the cloud.
However while the businesses are gung-ho about cloud they are confused over what sort of secure defence solutions to use on their cloud data. Each firm in the study uses one or some combination of data protection technologies, such as encryption or tokenisation, to protect these various categories of sensitive data. Two out of five (40%) firms with highly sensitive personal-identifiable information use tokenisation for protection. Interestingly as the sensitivity of data goes up, so is the tendency of using tokenisation and strong encryption schemes, and tokenisation is used progressively less as the criticality of data decreases.
Nearly two thirds (64%) of firms use searchable encryption to protect sensitive data while supporting business workflows, with firms trading-off searchability with security strength when the data is used in enterprise workflows to reference or index to other information.
The report concludes with a warning that until businesses sort out their inconsistent security practices, data protection gaps, and security blind spots they may “slow down the firms’ cloud migration journey and impede the business from fully capturing the potential of cloud computing.”