A new survey has revealed almost half of companies that have adopted cloud storage solutions for the storage and processing of sensitive data are rethinking this strategy in response to growing security concerns.
Security software provider Netwrix’s 2019 Cloud Data Security Report found some 46 per cent of businesses are looking to shift their customers’ personally identifiable information (PII) from the cloud back to on-premise alternatives in the belief they will enjoy greater security and control over such data.
This comes after one in three firms (33 per cent) that used the cloud for storage of PII experienced a security incident during the last 12 months. The study found that compared with 2018, the share of accidental errors has increased by 14 per cent and the share of malware attacks rose by 11 per cent.
However, the company warned that simply moving back to an on-premise solution alone will not address any security concerns businesses have. They must also have a comprehensive strategy in place that gives them full visibility into their data and ensuring they have a complete understanding of what information they possess, where it is located, and who has access to it.
Chief executive of Netwrix Steve Dickson said: “Organisations are misled by the idea that moving customer data back on premises will ensure data security. In reality, without a data security programme in place, these organisations are playing a simple ‘shell game’.”
However, the survey also found many firms are failing to put in place the necessary precautions that will protect their sensitive PII data, regardless of where it is stored, and this could cause problems if they do experience a data breach.
For instance, three-quarters of organisations that failed to classify all of their cloud-based data suffered an incident, while more than a third of organisations surveyed (36 per cent) couldn’t identify who actually was at fault for a security breach in the cloud, compared to just six per cent in 2018.
Mr Dickson added: “Organisations need to inventory their data to ensure they know where all the customer data resides, migrate it to a secure location and implement an auditing solution to ensure only the right people have access to the right data.”