46 percent of organizations consider taking personal data out of the cloud

A new study finds that 46 percent of organizations which store customer personally identifiable information (PII) in the cloud are considering moving it back on premises due to data security concerns.

The research from information security software company Netwrix also shows that of the 50 percent of organizations that store customer data in the cloud, 39 percent had security incidents in the past year and more than 50 percent of those couldn’t diagnose the problem.

Among other findings are that although 50 percent of respondents store PII of customers and employees in the cloud, far fewer are willing to store their financial data and intellectual property there (26 percent and 16 percent respectively).

In addition 31 percent of respondents consider business users to be the major security threat, while 16 percent think members of the IT team are a security risk. Unfortunately, 36 percent of organizations surveyed couldn't identify who actually was at fault for a security breach in the cloud, compared to only six percent in 2018.

Some 33 percent of respondents that store all their sensitive data in the cloud experienced security incidents during the preceding 12 months. Compared to 2018, the share of accidental errors has increased by 14 percent and the share of malware attacks has increased by 11 percent, while the share of external attacks has gone down by 20 percent.

"The report revealed that organizations are misled by the fact that moving customer data back on premises will ensure data security. In reality, without a data security program in place, these organizations are playing a simple 'shell game.' Organizations need to inventory their data to ensure they know where all the customer data is, migrate it to a secure location and implement an auditing solution to ensure only the right people have access to the right data," says Steve Dickson, CEO of Netwrix. "As regulatory concerns continue to increase toward some unpredictable future peak, cloud-using organizations must increasingly demonstrate that they are governing cloud use. As a consequence of ceding some control, you should expect to perform more monitoring of cloud activity, to demonstrate that governance procedures are in place and are being followed."

The full report is available from the Netwrix site.

Image Credit: Maksim Kabakou/Shutterstock