Only one in three (33%) IT professionals in the U.S. and 38% of those in the European Union have stopped or slowed their adoption of cloud services due to privacy concerns, finds a new report.
That’s not to say all security issues in the cloud have been solved. In fact, the report finds plenty of challenges still loom ahead. They include difficult regulatory compliance and a lack of visibility into sensitive data.
The new report, Data Protection and Privacy Compliance in the Cloud, is based on research sponsored by Microsoft and conducted by Ponemon Institute. The researchers surveyed nearly 1,050 IT pros in the U.S. and EU for this report.
Nearly half (45%) of those surveyed said their organizations operate a cloud infrastructure with just 1 primary service provider. The same percentage reported operating in multiple or hybrid cloud environments.
While security concerns aren’t slowing most organizations from pushing into the cloud, the survey finds plenty of issues for concern:
> Over half the respondents (53% in the U.S. and 60% in the EU) said they’re not confident that their organization’s SaaS and PaaS applications meet their privacy and data-protection requirements.
> Fewer than half (44%) of respondents vet their cloud-based software or platforms for privacy and data-security risks.
> Only about one in four (39%) are identifying information that’s too sensitive to be stored in the cloud.
> Fewer than one in three (29%) respondents have full 360-degree visibility into the sensitive data they collect, process or store in the cloud.
> A third (36%) expect their cloud service provider, rather than their own organization, to ensure the safety of SaaS applications. Only 9% believe that’s the responsibility of their IT security function.
> Nearly half (49%) the respondents rarely or never determine whether their cloud applications and platforms meet data-protection and privacy requirements.
> Nearly two-thirds (62%) of IT pros are not confident they even know all the cloud applications and platforms their organization uses.
To counter these challenges, IT pros are pushing hard with new tools and goals.
Respondents said that many privacy activities are actually easier to conduct in the cloud than on premises. These activities include obtaining compliance certificates, meeting legal obligations (such as GDPR), and retrieving data to comply with regulations.
Greater visibility remains a major goal. Nearly two-thirds (65%) of the survey respondents said broad visibility into their cloud-based data is essential and very important. And nearly as many (61%) said implementing a single interface to identify and authenticate users is also essential.
Encryption keys are a popular security tool, and two-thirds (66%) of respondents said their organizations have adopted a bring-your-own-key (BYOK) approach. About one in five (22%) plan to adopt BYOK in the next six months, and another 15% plan to do so in the next year.
Two-factor authentication has caught on too. Nearly three-quarters (73%) of respondents have either deployed 2FA for all or some of their cloud-based applications or plan to do so within the next year.
Ditto for single sign-on. Nearly one in three (34%) respondents use SSO now. And nearly half (46%) plan to adopt it within the year.
Learn more: Read the full Microsoft/Ponemon report, Data Protection and Privacy Compliance in the Cloud (24-page PDF).