Despite a seeming endless litany of data breaches, a new report says only 17% of US companies are encrypting more than half of their cloud data.
Data breaches have become an everyday occurrence, with company after company notifying users that their data has been exposed. More often than not, the exposure is the result of a database being left unencrypted and easily accessible via the web.
Unfortunately, it seems that US companies are a little slow on the uptake, as the 2021 Thales Cloud Security Study shows that 83% are leaving over half of their sensitive cloud data unencrypted.
Even more concerning, industry sectors containing sensitive information are only marginally better.
Sectors such as financial services, transportation, and media and entertainment are only marginally better at 21% saying they encrypt more than half of their sensitive data.
The report also found a correlation between multicloud deployments and low encryption levels. Of the organizations using multicloud environments, only 15% have encrypted more than 50% of their cloud data.
The report emphasizes the need for companies to take action to better protect user data.
To the extent that protecting customer data is a priority, organizations should strongly consider reviewing their strategies and approaches to proactively protect data in cloud, especially sensitive data. This includes understanding the role of specific controls and technologies including authentication, encryption and key management, as well as the shared responsibilities between providers and their customers.
As data privacy and sovereignty regulations grow across the globe, it will be paramount for end-user organizations to have a clear understanding of how they remain responsible for data security and how they must make clear decisions about just who is in control of and who can access their sensitive data.
The 2021 Thales Cloud Security Study gives a disturbing glimpse into how cloud-based companies are (mis)handling data and is well-worth a read.