Out-Law News 1 min. read
27 Jan 2017, 3:19 pm
According to the 2017 Thales Data Threat Report, the 'bring your own encryption key' (BYOK) concept has been identified as the most popular way to secure data in the cloud.
The report, which cited the results of a survey of 1,105 senior security executives from all over the world, also found that BYOK is the number one data security measure that businesses are planning to implement next year.
The survey identified a range of cloud security concerns within the business community. The top concern listed, which was referenced by 59% of respondents, was the fear that their cloud provider would experience a security breach. Concerns over "shared infrastructure vulnerabilities" and over a lack of control over where data is processed and stored in the cloud were also identified by more than half of the respondents.
Public cloud providers that help businesses encrypt data but allow them to use their own encryption keys could attract more customers, according to the report.
"Far and away the ability of cloud service providers to offer encryption with the ability for firms to manage and control their own encryption keys (BYOK) is cited as the top control (61%) that would lead to greater willingness to use public cloud services, followed by encryption with keys managed by the cloud provider," the report said.
"Yet only 35% of all respondents either currently implement or have plans to implement BYOK encryption as a part of their organisation’s overall data security strategy. That said, the adoption level of BYOK parallels the adoption levels of cloud overall, and thus, we expect interest in BYOK encryption to increase as data increasingly migrates to the cloud," Thales e-Security said.
The Thales report also found that 63% of businesses "deploy new technologies in advance of having appropriate levels of data security in place".
The report also revealed that 26% of the businesses represented in the survey experienced a data breach in the last year, up from 21.7% the previous year.
Nearly three-quarters of all respondents said their organisation would spend more on data security in the next 12 months in comparison to last year. Compliance is the main driver for data security spending, but an increasing number of respondents said that "implementing security best practice" was the primary reason for their expenditure.