eDiscovery Daily Blog

• August 1, 2016

How many blog posts in a row can start with the phrase “less than half”?  At least two… :o)

We’ve covered the growth of cloud adoption several times, especially in eDiscovery, including here and here.  However, according to a new survey from Ponemon, organizations apparently aren’t adopting appropriate governance and security measures to protect sensitive data in the cloud.

In the article Ponemon: Cloud Adoption Grows as Security Lags (written by Tara Seals), 73% of respondents to the survey indicated that cloud-based services and platforms are important to their organization’s operations, and 81% of respondents said they will be more so over the next two years.  Not only that, but 36% of respondents said their companies’ total IT and data processing needs were met using cloud resources today and that number is expected to rise to 45% over the next two years!

Unfortunately, 54% of the respondents said their companies do not have a proactive approach to managing security and complying with privacy and data protection regulations in cloud environments, indicating that their organizations are not careful about sharing sensitive information in the cloud with third parties such as business partners, contractors and vendors.  Challenges identified by survey respondents include:

• Difficulty in controlling or restricting end-user access, which increased from 48% in 2014 to 53% of respondents in 2016;
• Inability to apply conventional information security in cloud environments (70% of respondents);
• Inability to directly inspect cloud providers for security compliance (69% of respondents);
• Shadow IT is also a problem – nearly half (49%) of cloud services are deployed by departments other than corporate IT and an average of 47% of corporate data stored in cloud environments is not managed or controlled by the IT department.

“Cloud security continues to be a challenge for companies, especially in dealing with the complexity of privacy and data protection regulations,” said Larry Ponemon, chairman and founder, Ponemon Institute.

At least there is intent: 65% of respondents said their organizations are committed to protecting confidential or sensitive information in the cloud.

This isn’t the first study we’ve covered by the Ponemon Institute – click here and here for others.  Go Ponemon Go! (see what I did there?)… :o)

By the way, not all cloud solutions are created equal when it comes to security.  Here’s how we do it.

So, what do you think?  How does your organization handle security for cloud based solutions?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.