Thales News Release

Ponemon Institute Survey On Cloud Data Security Exposes Gulf Between IT Security And Compliance Officers

November 1, 2011

Thales Sponsored Research Finds Two Groups at Odds over Service Provider Controls, Top Security Measures and Roles/Responsibilities

SAN JOSE, Calif. – Nov. 1, 2011 –Thales eSecurity, Inc., the leader in enterprise systems encryption and key management, today announced the results from an independent research report conducted by the Ponemon Institute on how organizations manage data security risks in cloud computing environments. The survey of 1,000 IT security practitioners and enterprise compliance officers revealed that less than half of all respondents believe their organizations have adequate technologies to secure their cloud infrastructures. Meanwhile, the two groups sharply disagreed on whether the cloud is as secure as on-premise datacenters, who is responsible for cloud data security, and what security measures should be used.

According to the report entitled “Data Security in the Cloud Survey of U.S. IT Operations, IT Security and Compliance Practitioners”, only one third of IT security practitioners believe cloud infrastructure(IaaS) environments are as secure as on premise datacenters, while half of compliance officers think IaaS is as secure. Regarding cloud security roles, most (21 percent) compliance officers said they are responsible for defining security requirements, but the majority (22 percent) of IT respondents think this responsibility belongs to business unit leaders. When asked about the most important cloud security measure, IT practitioners cited the use of encryption to make data unreadable by cloud service providers, yet compliance officers said encryption should be used to enforce separation of duties to prevent IT administrators from accessing data they do not need to perform their jobs.

Larry Ponemon, Chairman and Founder of the Ponemon Institute, and Thales will unveil the report’s complete findings and discuss their implications in a webinar on Tuesday, November 1, 2011 at 2:00 pm Eastern Time. To register for Cloud Data Security from IT Security and Compliance Perspectives please visit this link. The report will be available for download here beginning Nov. 2nd.

“While we were surprised by the different attitudes towards cloud security among IT practitioners and compliance officers, the findings did reveal that security in the cloud is a concern for both groups, especially in IaaS environments,” said Larry Ponemon, Chairman and Founder of the Ponemon Institute. “What is most troubling is the fact that while respondents feel they lack adequate technologies to secure their IaaS environments, ownership for security in the cloud is dispersed throughout the organization.”

Additional Findings

Ponemon Institute also identified the following key findings on Data Security in the Cloud:

  • Less than half of IT practitioners (35%) and compliance officers (42%) believe their organizations have adequate technologies to secure their IaaS environments
  • Less than one third of respondents said their organizations encrypt data and/or files in the cloud
  • Data in IaaS (Infrastructure as a Service) cloud environments is perceived as a greater security risk. SaaS (Software as a Service) is considered by both groups to be more secure
  • More than half of respondents said their organization’s internal audit review does NOT provide feedback on the security in cloud infrastructures
  • While both groups disagreed on who is responsible for defining cloud security requirements, they agreed that:
    • Business unit leaders are responsible for enforcing cloud security requirements
    • No one role is responsible for implementing security in the cloud

“The fact that both IT practitioners and compliance officers consider encryption to be one of the most important enabling technologies for securing cloud infrastructures, even though they disagree on its use case, reflects what we are seeing in the marketplace,” said Richard Gorman, CEO of Thales. “Since we work with both security and compliance teams, we have experienced firsthand how ownership for security in the cloud is often times splintered. This makes it extremely difficult for organizations to implement an enterprise-wide data security strategy that incorporates protection for sensitive information in the cloud.”

About Thales eSecurity

Thales is the leader in enterprise system encryption. The Vormetric Data Security product line provides a single, manageable and scalable solution to encrypt any file, any database, any application, anywhere it resides— without sacrificing application performance or creating key management complexity. Some of the largest and most security conscious organizations and government agencies in the world, including 7 of the Fortune 20, have standardized on Thales to provide strong, easily manageable data security. Thales technology has previously been selected by IBM as the only database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows; by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option; and by Oracle to secure the execution environment for Oracle® Database Vault. For more information visit,

Editorial Contact:

Marc Gendron
Marc Gendron PR

Thales is a trademark of Thales eSecurity, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.