Story image

Germany outpaces APAC region for cloud security savviness

22 Jan 18

A joint study between The Ponemon Institute and Gemalto says that global companies have taken advantage of the benefits of cloud computing, but those companies have wildly differing approaches to security precautions.

The global statistics from The 2018 Global Cloud Data Security Study show that Germany’s lead in cloud security outpaces efforts in the Asia Pacific region in areas including data sharing, encryption and cloud deployment.

Out of the 3200 surveyed IT practitioners, 95% say their company has adopted cloud services – yet 57% believe the cloud increases the risk of compliance breaches.

There is a renewed interest in the importance of encryption according to 77% of businesses.

However, despite the surge in cloud use and importance of encryption, businesses could have their heads in the cloud.

According to the study, 25% of respondents could name all of the cloud services their organisation is using.

“The benefit of the cloud is its convenience, scalability and cost control in offering options to businesses that they would not be able to access or afford on their own, particularly when it comes to security,” comments Gemalto’s CTO of data protection Jason Hart.

The Asia Pacific region – room for improvement

31% of Japan respondents say their organisation is cautious about sharing sensitive cloud data with third parties. In Australia, the number rises to 46%.

Only half of Japan organisations (50%) say they secure sensitive or confidential information in the cloud, however when they do secure it, 62% are applying higher levels of security. 61% of India respondents also do the same.

Australian respondents are less stringent about security safeguards relating to specific cloud applications (48%), well behind Germany (65%).

“While securing data is easier, there should never be an assumption that cloud adoption means information is automatically secure. Just look at the recent Accenture and Uber breaches as examples of data in the cloud that has been left exposed. No matter where data is, the appropriate controls like encryption and tokenisation need to be placed at the source of the data. Once these are in place, any issues of compliance should be resolved,” Hart continues.

Just over half of Australian respondents (54%) say their organisations take the time to evaluate cloud providers before deploying services, compared to 73% of German respondents.

Germany leads the world in cloud security and encryption

The study found that German organisations are most cautions about sharing cloud data with third parties (61%), compared to 35% in the UK.

61% of German organisations are also securing confidential information in the cloud, and applying higher levels of security (67%).

“While it’s good to see some countries like Germany taking the issue of cloud security seriously, there is a worrying attitude emerging elsewhere. This may be down to nearly half believing the cloud makes it more difficult to protect data, when the opposite is true,” Hart concludes.

While shadow IT may be causing challenges for countries including Australia, only 25% of German respondents say they are not confident that they know all of the cloud computing applications, platforms and infrastructure services they are using.

Cisco expands security capabilities of SD­-WAN portfolio
Until now, SD-­WAN solutions have forced IT to choose between application experience or security.
AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).