Over half of all organizations store sensitive data in the cloud, and another 36 percent plan to do so, according to the third annual Trends in Cloud Encryption Study, which was released on Tuesday. The study, produced by the Ponemon Institute on behalf of Thales e-Security, further says that of those who store sensitive data in the cloud, only half use encryption.
The study is drawn from a survey of 4,275 business and IT managers in the US, U.K., Germany, France, Australia, Japan, Brazil and Russia.
Among the notable observations in the study, those with a strong security posture were found to be more likely to have sensitive data in the cloud.
Respondents’ perception of who is responsible for securing data in the cloud depends in part on what kind of cloud service is being used. IaaS and PaaS subscribers are considered to be primarily responsible for protecting their own data more than SaaS subscribers.
A software service which requires access to the data it receives must be sent the data in a form it can read, putting the onus for security much more on the service provider.
The use of encryption for data at rest in the cloud increased by 7 percent for SaaS and 9 percent for IaaS and PaaS from 2011 to 2013. During that period, data breaches and government surveillance have grown in profile, and the number of respondents who are knowledgeable about cloud provider security practices has risen from 29 to 35 percent.
Thirty-four percent of those surveyed say the organization has control over encryption keys for both data at rest and at the application level, while roughly half that many say they cloud provider controls the keys. Key Management Interoperability Protocol is seen as most important by 54 percent of respondents, a 12 percent jump from 2012.
The growth of cloud encryption seems to be lagging cloud adoption, but awareness is growing, which presents an opportunity to encryption service companies like CipherCloud, which released a free cloud visibility tool Wednesday.
It could also be an opportunity for other service providers who change their practices to adapt to the growing appetite for encryption, such as Yahoo, which detailed an extensive encryption plan in an early April blog post.