Study from Netwrix finds that only with a data security program can organizations completely address the security of customer data regardless of its location

Netwrix announced the release of its global 2019 Netwrix Cloud Data Security Report. The annual report is based on feedback of 749 organizations that use private and public cloud services to store their data.

The findings revealed that 46% of organizations that store customer personally identifiable information (PII) in the cloud are considering moving it back on premises due to data security concerns. It should be noted that of the 50% of organizations that store customer data in the cloud, 39% had security incidents in the past year and more than 50% of those couldn’t diagnose the problem.

Other findings revealed by the report include:
-50% of respondents store PII of customers and employees in the cloud, but far fewer are willing to store their financial data and intellectual property (IP) there (26% and 16% respectively).
-75% of organizations that store customer PII in the cloud, but do not classify all their data, experienced a security incident.
-31% of respondents consider business users to be the major security threat, while 16% think members of the IT team are a security risk. Unfortunately, 36% of organizations surveyed couldn’t identify who actually was at fault for a security breach in the cloud, compared to 6% in 2018.
-33% of respondents that store all their sensitive data in the cloud had security incidents during the preceding 12 months.
-Compared to 2018, the share of accidental errors has increased by 14% and the share of malware attacks has increased by 11%, while the share of external attacks has decreased by 20%.
-Respondents plan to strengthen their cloud data security with encryption, monitoring of user activity and employee training, but 55% of them are having to manage with the same cloud security budget as last year.

Steve Dickson of Netwrix said that the report revealed that organizations are misled by the fact that moving customer data back on premises will ensure data security. In reality, without a data security program in place, these organizations are playing a simple ‘shell game.’ Organizations need to inventory their data to ensure they know where all the customer data is, migrate it to a secure location and implement an auditing solution to ensure only the right people have access to the right data.