A new study reveals good and bad news when it comes to cloud services adoption. On one hand, businesses are more comfortable storing data in the cloud. On the other hand, some businesses are too comfortable, and as a result aren't thinking about cloud security.
The Ponemon Institue surveyed over 4,000 SMBs and found that more than 50 percent are currently using cloud services to store confidential data, aligning with recent research that trust in the cloud is steadily increasing.
However, many organizations are not encrypting their data before sending it to the cloud, leaving confidential information wide open.
Is it the responsibility of the organization or its IT provider to ensure data is stored safely?
That depends on whom you ask. About half of infrastructure-as-a-service/platform-as-a-service (IaaS/PaaS) users agree it’s a joint effort between their organizations and their vendors, while software-as-a-service (SaaS) users leave it up to you, the MSP.
While 35 percent of those surveyed know how you are safely storing their data, about half of the SaaS group admits they do not.
As an MSP, it is important to get clients up to speed on best practices for data security, especially virus protection, and educate clients on how you are storing and securing their information.
More than 40 percent of SMBs who are encrypting stored data do so before sending it to the cloud, with more than half encrypting after.
The study also raised the issue of private encryption key ownership.
According to Ponemon, only 18 percent of organizations allow their providers to maintain complete ownership over encryption keys, with 34 percent controlling the keys themselves, the study said.
Private key ownership can be a sensitive subject since it has everything to do with data access. VP of Sales Rob Merklinger wrote about this several months ago, explaining how Intronis allows MSPs to retain ownership of their encryption keys.
As Richard Moulds, vice president strategy at Thales e-Security explains, the party that controls the encryption key needs to be competent at managing it.
"Very often, the way that keys are managed makes all the difference, with poor implementations dramatically reducing effectiveness and driving up costs," said Moulds. "Deployed correctly, encryption can help organizations to migrate sensitive data and high-risk applications to the cloud, allowing them to safely unlock the full potential for economic benefit the cloud can deliver."
Photo credit: Peter Taylor at Flickr, used under CC Atttribution-ShareAlike 2.0