Companies using cloud services are not taking adequate steps to protect their data. Just 17 percent of enterprises storing confidential data with cloud providers ensure the data is protected, even though 61 percent of organisations have reported a significant attempt to break into their data systems, twice as many as the previous year.
According to the 2010 Information Security Breaches Survey (ISBS) from PriceWaterhouse Coopers, there has been a big shift in the number of companies moving to hosted applications. Three-quarters of all enterprises now use services such as Software as a Service (SaaS) and cloud computing, and of these, 44 percent were entrusting critical services to third parties.
It's not just external threats that concern. Companies are more aware of the dangers of social networking sites. It's led to some organisations blocking staff access – nearly half of large organisations restrict the amount of Internet access available to staff – that's a big rise in two years, under a third of organisations had such restrictions in 2008.
Coupled with this shift, enterprises are concerned by the threat of a data leakage. There's an increasing demand for assurance over third parties with 40 percent of companies asking for third-party conformance to ISO 27001, the common standard for compliance.
Chris Potter, partner, OneSecurity, PricewaterhouseCoopers, said: "Very few organisations are encrypting data held on virtual storage, including the 'cloud'. Virtualisation and cloud computing seem to be set to follow the trend, established over the last decade, of controls lagging behind adoption of new technologies. Given the increased criticality and confidentiality of information held on virtual storage, organisations need to respond quickly to close this control gap."