Over half of security professionals will stop putting sensitive data in the cloud due to GDPR
LONDON, UK – 27 June 2017 – eperi, a leading provider of Cloud Data Protection (CDP) solutions, has disclosed the results of a survey of 250 IT security professionals that gives insight into what the new General Data Protection Regulation (GDPR) will mean for their organisations’ cloud practices. The study indicates uncertainty when it comes to cloud security as 53 % of respondents said that GDPR data security requirements would keep them from putting sensitive data in the cloud. For the majority (85%) this was due to their lack of confidence in the protection of sensitive data.
In addition, 72 % noted that they would have to re-evaluate their data security requirements in the cloud because of the regulation that comes into force May 2018.
“GDPR has meant that the age-old debate about the adequacy of security in the cloud has reared its head again,” said Ravi Pather, senior vice president of eperi. “Fines under the regulation seem to be the main driver for meeting compliance, as it’s likely to be an organisation killer for the worst offences. But with all of this hype, organisations must not forget that if they first and foremost secure the data that goes into the cloud through encryption or tokenisation and remain in control of the encryption keys, the scope of GDPR can be significantly reduced.”
Encrypting or tokenising data means that it is scrambled by an algorithm to such an extent that it is rendered unusable to any unauthorised party attempting to access it. The only way to decrypt the data is to use a key, which ideally should be under the control of the organisation who owns the data.
Currently, Pather points out, this is where many companies fall down in relation to GDPR, as 54% admitted that they rely on their cloud or Software as a Service (SaaS) provider to encrypt data and just over half 51 % think that it is acceptable for the solution provider to control all or part of the encryption keys.
“Where 54 % rely on the SaaS vendor for encryption, this is usually for ‘data at rest’, which under GDPR is only a subset of the ‘comprehensive security’ guidelines and recommendations which specifies the protection of PII and sensitive PII ‘data in motion’, ‘at rest’ and ‘in use’,” Pather explained.
“In the event of data compromise or loss, if the organisation is in full control of its own encryption keys, it can avoid the notification step altogether if the data is unreadable to the world outside the organisation,” he continued. “In contrast, if the cloud or SaaS provider controls the keys and they are breached, then there is no way to be certain the organisation’s data is safe and notifications and fines ensue.”
The survey comes just after Forrester released its Cloud Security Solutions Forecast that shows the cloud services market is set to soar from $114 billion in 2016 to $236 billion by 2020. Its rapid growth is also driving the market for cloud security tools, which Forrester estimates will increase from $1 billion in 2016 to $3.5 billion in 2021. Furthermore, the report notes that businesses are starting to recognise a lack of adequate key management among cloud providers, making key management a bigger priority for time and resource allocation.
eperi GmbH is a leading provider of Cloud Data Protection (CDP) solutions with several hundred customers addressing data security, compliance and data control use cases for custom applications and leading SaaS applications such as Office 365, Salesforce, ServiceNow and others.
As enterprises face significant legal and regulatory data compliance and data control challenges such as Data Residency, GDPR, PCI/DSS or HiPPA when leveraging the cloud and SaaS platforms, the eperi CDP solutions are helping address these data compliance and data control challenges through a range of cost effective software data protection solutions for most leading SaaS platforms. The eperi CDP solutions are unique in offering the broadest and deepest supports for cloud SaaS, applications, databases and files and are designed with a powerful template concept to support hundreds of different cloud SaaS applications.
More information is available at eperi.com.
+44(0)207 183 2843
+44(0)207 183 2842