SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Germany outpaces APAC region for cloud security savviness
Mon, 22nd Jan 2018
FYI, this story is more than a year old

A joint study between The Ponemon Institute and Gemalto says that global companies have taken advantage of the benefits of cloud computing, but those companies have wildly differing approaches to security precautions.

The global statistics from The 2018 Global Cloud Data Security Study show that Germany's lead in cloud security outpaces efforts in the Asia Pacific region in areas including data sharing, encryption and cloud deployment.

Out of the 3200 surveyed IT practitioners, 95% say their company has adopted cloud services – yet 57% believe the cloud increases the risk of compliance breaches.

There is a renewed interest in the importance of encryption according to 77% of businesses.

However, despite the surge in cloud use and importance of encryption, businesses could have their heads in the cloud.

According to the study, 25% of respondents could name all of the cloud services their organisation is using.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security,” comments Gemalto's CTO of data protection Jason Hart.

The Asia Pacific region – room for improvement

31% of Japan respondents say their organisation is cautious about sharing sensitive cloud data with third parties. In Australia, the number rises to 46%.

Only half of Japan organisations (50%) say they secure sensitive or confidential information in the cloud, however when they do secure it, 62% are applying higher levels of security. 61% of India respondents also do the same.

Australian respondents are less stringent about security safeguards relating to specific cloud applications (48%), well behind Germany (65%).

“While securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved,” Hart continues.

Just over half of Australian respondents (54%) say their organisations take the time to evaluate cloud providers before deploying services, compared to 73% of German respondents.

Germany leads the world in cloud security and encryption

The study found that German organisations are most cautions about sharing cloud data with third parties (61%), compared to 35% in the UK.

61% of German organisations are also securing confidential information in the cloud, and applying higher levels of security (67%).

“While it's good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere. This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true,” Hart concludes.

While shadow IT may be causing challenges for countries including Australia, only 25% of German respondents say they are not confident that they know all of the cloud computing applications, platforms and infrastructure services they are using.