Although encryption and tokenization are identified as significant factors for protecting sensitive information, less than an average of 46% of such data is encrypted when transferred to the cloud environment and only an average of 43% is secured with encryption and key management. In cloud security, lack of encryption and poor management of keys can be the “Achilles’ heel”. If you remember Greek mythology, the Greeks almost lost the Trojan War because of Achilles’ heel. Who are you going to blame for if something goes wrong? Encrypt Everything and Control the Keys Responsibility and accountability are the cornerstones for an effective security program, whether for on-premise, hybrid or multi-cloud environments. Speaking about roles and responsibilities, another worrying finding of the 2019 Cloud Security Study is that only 50% of the organizations that were surveyed have established clearly defined roles and accountability for safeguarding confidential or sensitive information stored in the cloud. The provider is responsible only for the underlying infrastructure. Whatever you store, whatever services you are using “in the cloud”, it is your responsibility to configure them correctly and to assume responsibility and accountability if something goes wrong. Let me repeat this once more: “security in the cloud” is the sole responsibility of the customer, that is you. Organizations present an inability in understanding the shared responsibility model when it comes to security. It is no wonder that more and more data breaches are due to misconfigurations or inadequate security settings in cloud provided services and applications. Or, even worse, what is someone steals the keys from your neighbor? Sure, you trust your neighbor but what if they lose your keys?. Handing over the responsibility of the security for your data to your cloud provider is a bit like giving the keys to your house to your neighbor.
You Are Responsible for Securing Your Data in the Cloud 35% of the organizations believe that cloud service providers bear the most responsibility for the sensitive data they store in the cloud (35%). Despite the sensitivity of the data stored in the cloud, less than half (49%) of organizations are encrypting them in the cloud. This corporate data is most notably consumer information (60%), data (46%) and business emails (48%). Nearly half (48%) of corporate data is stored in the cloud.
0 kommentar(er)
