The majority of IT security professionals don’t have full visibility into where all their organization’s sensitive data resides, according to Perspecsys.
Challenges with tracking where sensitive and regulated data is flowing, and the inability to control that flow in outsourced environments such as SaaS cloud applications, where it can move freely between data centers and cloud provider’s partner’s systems, is a key challenge for enterprises in regulated sectors.
More than 125 attendees at RSA Conference 2015 took the survey, which was conducted via in-person interviews by Perspecsys. The results interestingly reveal a split decision when it comes to trust in Cloud Service Providers (CSPs): 52 percent of respondents say they trust their CSP to take care of protecting and controlling their enterprise data and the other half (48 percent) do not.
Enterprises need to consider encrypting or tokenizing any sensitive data before it goes to the cloud, so they retain full control of their information while it is in-transit to the cloud, while it is stored at-rest in the cloud and while it is in-use being processed in the cloud.
IDC forecasts that public IT cloud services will account for more than half of global software, server, and storage spending growth by 2018. The Perspecsys survey findings align with this projection, with 67 percent of respondents preferring to store the majority of enterprise data in the cloud – that is – if data privacy and compliance regulations could be addressed. Interestingly, the current perception remains that private cloud is more secure than its public cloud cousins. For example:
- About half of respondents say existing or impending data privacy regulations impact up to 50 percent of their cloud strategy
- The majority of respondents still house less than a quarter of their data in public cloud environments
- About a third claim no public cloud use at any level (IaaS, PaaS or SaaS), as far as they know.