The UK has fallen behind other countries in protecting assets stored in the cloud, according to a study conducted by digital security company Gemalto.

Cloud

The findings revealed regional discrepancies in adopting cloud security, with Germany the front-runner.

According to the study, firms in Germany are 61% likely to secure confidential or sensitive information in the cloud, well ahead of the UK at only 35%.

The findings showed there is a gap in awareness, with the UK at risk from falling behind new global privacy and data protection regulations despite the prevalence of cloud usage.

CCS Insight Vice President of Enterprise Research Nicholas McQuire told IBC365: “The main challenge is that often firms suffer from ‘cloud sprawl’, meaning they have their data residing in many different applications and cloud services.

“Having visibility and a consistency in security and governance across a wide range of different cloud services, which themselves have different approaches to security is very challenging for businesses.”

The study highlighted that encryption and security are two key areas of concern with 81% of companies surveyed in agreement that security authentication methods to access data and assets in the cloud is essential and or very important.

However, the level of security applied to meet regulations is a concern; according to the study only 40% of all data stored in the cloud is access secured. 

McQuire explained: “Failing to protect your company’s and customers’ data can cause serious financial and reputational damage, as the fall out of the Equifax breach of last year has revealed.”

It is critical to protect assets stored in the cloud, McQuire said.

Nicholas mc quire ccs insight vice president of enterprise research

Nicholas McQuire 

“Some 85% of businesses now run at least some of their applications in the cloud and an increasing number of firms are now cloud-only, meaning they run all of their company apps in the cloud.”

Cloud computing applications and platform solutions are considered critical to organisations’ operations with 87% of respondents agreeing the cloud will increase in importance over the next two years.

The main barriers to adopting a compliant cloud security strategy is a misunderstanding of how much cloud usage is occurring across the employee base as well as the organisations IT function. This is particularly prevalent across firms that have been slower to embrace the cloud.

McQuire said: “This decentralised and fragmented usage, as well as a lack of acknowledgement of this activity by IT departments, creates risk to the organisation.”

It is predicted that within two years an average of 51% of all IT and data processing requirements will be in the cloud, an overall increase of today’s 39% of cloud operations.

GDPR compliance

With the upcoming General Data Protection Regulation (GDRP) compliance effective 25 May this year, it will directly implicate cloud-based operations for UK companies who target consumers outside and inside of the EU.

According to the study, 60% of respondents believe they are not in a position to comply with GDRP.

GDRP will directly affect cloud security if the correct security and encryption protocols are not employed by businesses.

McQuire said: “Firms will have to have better governance of data overall including data sitting with multiple cloud providers.

“The cloud providers themselves are investing heavily to ensure their services are compliant for customers but not all cloud services will have the same GDPR standards.”

95% of businesses globally have adopted cloud services the lack of security precautions vary regionally and 40% of organisations admitted to not having encrypted or key management security solutions for data stored in the cloud.

However the study concluded that 57% of organisations believe using the cloud increases compliance risk and 49% believe customer data is at risk of being stored in the cloud. 

Gemalto Chief Technology Officer of Data Protection, Jason Hart said: “ While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere.”

This could be because it is assumed that data protection in the cloud is difficult to maintain, however, Hart stated: “The opposite is true.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security. However, while securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure.”

The study surveyed more than 3,200 IT and IT security practitioners worldwide to gain a better understanding of the key trends in data governance and security practices for cloud-based services.