Survey: 46% of organizations that store customer PII in the cloud consider moving it back on-premises due to security concerns

Netwrix, a vendor of information security and governance software, announced today the release of its global 2019 Netwrix Cloud Data Security Report. The annual report is based on feedback of 749 organizations that use private and public cloud services to store their data.

The findings revealed that 46% of organizations that store customer personally identifiable information (PII) in the cloud are considering moving it back on premises due to data security concerns. It should be noted that of the 50% of organizations that store customer data in the cloud, 39% had security incidents in the past year and more than 50% of those couldn’t diagnose the problem.

Other findings revealed by the report include:

• 50% of respondents store PII of customers and employees in the cloud, but far fewer are willing to store their financial data and intellectual property (IP) there (26% and 16% respectively).
• 75% of organizations that store customer PII in the cloud, but do not classify all their data, experienced a security incident.
• 31% of respondents consider business users to be the major security threat, while 16% think members of the IT team are a security risk. Unfortunately, 36% of organizations surveyed couldn’t identify who actually was at fault for a security breach in the cloud, compared to 6% in 2018.
• 33% of respondents that store all their sensitive data in the cloud had security incidents during the preceding 12 months.
• Compared to 2018, the share of accidental errors has increased by 14% and the share of malware attacks has increased by 11%, while the share of external attacks has decreased by 20%.
• Respondents plan to strengthen their cloud data security with encryption, monitoring of user activity and employee training, but 55% of them are having to manage with the same cloud security budget as last year.

The report revealed that organizations are misled by the idea that moving customer data back on premises will ensure data security. In reality, without a data security program in place, these organizations are playing a simple ‘shell game.’ Organizations need to inventory their data to ensure they know where all the customer data resides, migrate it to a secure location and implement an auditing solution to ensure only the right people have access to the right data.
Steve Dickson, CEO of Netwrix

As regulatory concerns continue to increase toward some unpredictable future peak, cloud-using organizations must increasingly demonstrate that they are governing cloud use. As a consequence of ceding some control, you should expect to perform more monitoring of cloud activity, to demonstrate that governance procedures are in place and are being followed.
Gartner, "CISO Playbook: How to Retain the Right Kinds of Control in the Cloud," by Steve Riley, March 21, 2017, Refreshed July 10, 2018

Learn more about the 2019 Netwrix Cloud Data Security Report: https://www.netwrix.com/2019cloudsecurityreport.html