The Cloud Makes Privacy and GDPR Easier, Not Harder
Despite a lack of confidence in SaaS and PaaS applications, the cloud is an integral part of many companies’ privacy and security efforts according to a Microsoft-sponsored Ponemon Institute survey of over 1,000 IT or security professionals familiar with both protecting personal data in cloud environments and knowledgeable about their organization’s approach to privacy and legal compliance.
Sixty-two percent of this well-informed group believes privacy concerns have not stopped or slowed down adoption of cloud services, with only 35% seeing these concerns as an impediment. Not only is it not an inhibitor, 54% actually agree that security and/or privacy protections are a reason to migrate to the cloud, with 44% citing compliance with emerging data protections (e.g., California’s Consumer Privacy Act).
Privacy-related activities like GDPR compliance, conducting a privacy assessment and tagging sensitive personal data are easier to deploy in a public cloud as opposed to an on-premises environment. It appears that the cloud provides for a greater degree of standardization, which in turn makes it easier to vet solutions.
There is a more mixed picture when respondents are asked specifically about SaaS and PaaS applications. Sixty percent are not confident that the PaaS applications their organization uses meets privacy and data protection requirements, with 53% saying SaaS apps meet that threshold. More than half of respondents said privacy and data security requirements are evaluated prior to a SaaS or PaaS application being deployed.
Despite this negativity, there is also optimism that within two years these solutions will be important to meeting these objectives. In fact, while only 26% see PaaS as important to privacy and data protection today, twice as many respondents (53%) expect PaaS to be critical to privacy and security efforts in the near future. So, while high profile security breaches may get a lot of attention, cloud services are also part of the industry’s privacy/security future.
Source: Microsoft and Ponemon’s “Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain”.
Two Bonus Charts
Source: Microsoft and Ponemon’s “Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain”.
In a subsequent question, 29% said their organization already has a Bring Your Own Key (BYOK) policy, with another 22% plan to have it within the next 6 months. BYOK allows enterprises, not cloud service providers, to encrypt their data and retain control and management of their encryption keys. Source: Microsoft and Ponemon’s “Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain”.
Feature image via Pixabay.
