Over Half of Security Professionals will Stop Putting Sensitive Data in Cloud Due to GDPR

GDPR has meant that the age-old debate about the adequacy of security in the cloud has reared its head again


eperi, a leading provider of Cloud Data Protection (CDP) solutions, has disclosed the results of a survey of 250 IT security professionals that gives insight into what the new General Data Protection Regulation (GDPR) will mean for their organisations’ cloud practices.  

The study indicates uncertainty when it comes to cloud security as 53 percent of the respondents said that GDPR data security requirements would keep them from putting sensitive data in the cloud. For the majority (85 percent) this was due to their lack of confidence in the protection of sensitive data.

In addition, 72 percent noted that they would have to re-evaluate their data security requirements in the cloud because of the regulation that comes into force May 2018.

“GDPR has meant that the age-old debate about the adequacy of security in the cloud has reared its head again,” said Ravi Pather, senior VP of eperi.  “Fines under the regulation seem to be the main driver for meeting compliance, as it’s likely to be an organisation killer for the worst offences.  

"But, with all of this hype, organisations must not forget that if they first and foremost secure the data that goes into the cloud through encryption or tokenisation and remain in control of the encryption keys, the scope of GDPR can be significantly reduced.”

Encrypting or tokenising data means that it is scrambled by an algorithm to such an extent that it is rendered unusable to any unauthorised party attempting to access it.  The only way to decrypt the data is to use a key, which ideally should be under the control of the organisation who owns the data.

Currently, Pather points out, this is where many companies fall down in relation to GDPR, as 54 percent admitted that they rely on their cloud or Software as a Service (SaaS) provider to encrypt data and just over half 51percent think that it is acceptable for the solution provider to control all or part of the encryption keys.

Tags assigned to this article:
Security Professionals Sensitive Data cloud GDPR


Around The World