Data Encryption in the Cloud Falls Short
As more data and enterprise applications are moved to public cloud services, a surprisingly high number of enterprises responding to a new cloud security survey said they are not encrypting their data and other cloud workloads.
The cloud adoption survey of more than 400 executives spanning a variety of industries who attended the recent VMworld conference found that 28 percent deploying data, applications and workloads on public clouds are doing nothing to encrypt data. Survey sponsor and workload security vendor HyTrust Inc. added that it is seeing more enterprises moving sensitive data to multi-cloud environments, leaving more data vulnerable to breaches.
The survey results run counter to growing concerns about data security in public clouds. One reason is that organizations are unsure about how to manage cloud security. Those concerns were reflected in survey findings that 47 percent of those polled by HyTrust said security was the primary reason they have avoided shifting data to the cloud.
Of those who have, 44 percent said they are encrypting data using a public cloud provider's security offering while 28 percent are deploying an outside data encryption approach.
The cloud survey also shed light on how cloud rollouts are being addressed by a range of industries that include financial services, health care, manufacturing and retail. About 60 percent of respondents said they plan to move to a multi-cloud model while a slightly higher percentage said their hybrid cloud strategy also focused on multiple cloud vendors.
The cloud survey results roughly parallel current public cloud rankings, with 26 percent using Amazon Web Services (NASDAQ: AMZN) and 21 percent running on Microsoft Azure (NASDAQ: MSFT). Thirty percent of multi-cloud adopters said they preferred a combination of AWS and Azure. More than one-third of respondents said they are deploying data, applications and workloads on AWS, Azure and vCloud Air.
VMware is among the infrastructure backers of HyTrust. The CIA's investment arm, In-Q-Tel, also has invested in the workload security specialist based on Mountain View, Calif.
Along with security, other top concerns about cloud adoption included cost (28 percent) and reliability (21 percent), HyTrust reported.
The survey also confirms the steady embrace of hybrid cloud strategies, with 59 percent of respondents giving hybrid platforms a thumbs-up. "But just as organizations want choice and flexibility in the public and private cloud combination, they want the same with their cloud deployments," the survey noted.
With the trend toward "a multi-cloud, multi-vendor, hybrid deployment" fairly well established, the security vendor also made its pitch for "multi-cloud workload security."
Despite rising awareness about cloud security, "there are obvious gaps including many who are not yet encrypting their cloud workloads as well as those who are running encryption solutions where they are not the only ones holding the encryption keys or prepared to support a multi-cloud encryption deployment," HyTrust said.