As headline grabbing hacks proliferate, financial institutions bank on data protection to limit exposure in the cloud
CipherCloud, a leader in cloud visibility and data protection, has released its Q2 2015 Global Cloud Data Security Report. This quarter's report focuses on the strategies of over 50 global companies in banking, investment, wealth management and other areas of financial services used to protect sensitive data in the cloud. The takeaways provide real world tested guidance for other enterprises as they assess their options for protecting information against a potential data breach.
The adoption of the cloud continues to grow rapidly with Gartner forecasting $282 billion in spending by 2018. "As financial services adopt the cloud, strict compliance regulations and corporate policies push them to be early adopters of security technologies," said Pravin Kothari, founder and CEO, CipherCloud. "At the same time, the influence of cloud has upped the ante for financial services firm CISOs and their teams. As these companies increase their cloud adoption, they are building data protection in the cloud with the help of innovative encryption and tokenisation technologies. Both regulatory scrutiny and the pace of data breaches compel the increased protection of their sensitive information.”
Overall, the results from more than 50 global banking and financial services firms across North America, Europe, Asia Pacific and Latin America indicate that they are aggressively adopting and proactively securing data in the cloud. For instance, nearly 100 percent of the firms in the study put personally identifiable data, such as names, addresses and phone numbers in the cloud. 33 percent use the cloud to store highly sensitive PIIs such as social security numbers, birth dates, tax IDs, etc. 47 percent use the cloud to process personal finance data and 53 percent have business confidential data in the cloud. Each firm uses one or some combination of data protection technologies, such as encryption or tokenisation, to protect these various categories of sensitive data. These findings debunk the notion that financial institutions shy away from cloud and show that these firms are increasingly mature in their cloud data protection practices.
Key Findings on the State of Cloud Data Protection:
- 40 percent of firms with highly sensitive personal identifiable information choose tokenisation for protection. As sensitivity of data goes up, so does the tendency of using tokenisation and strong encryption schemes. Tokenisation is used progressively less as the criticality of data decreases, indicating a preference for encryption when it comes to data that requires frequent search and sort functions.
- 64 percent of firms use searchable encryption to protect sensitive data while supporting business workflows. Firms trade off searchability for security strength when the data is used in enterprise workflows to reference or index other information.
- Format preserving is key for special structured data. Protecting data – such as email, URL, phone numbers, where the data has a specific recognisable format – requires format-preserving protection, above all other constraints.
- Protecting sensitive data while supporting business operations is a balancing act. Depending on the nature of the data – format, sensitivity and business use cases – the enterprise may choose a very different protection scheme. Enterprises can leverage CipherCloud's data protection framework to make these complex decisions.