This article originally appeared at The WHIR
Financial services firms are aggressively using encryption and tokenization to maintain data security while adopting cloud computing, according to a new report fromCipherCloud. The report shows that financial companies employ a rapidly maturing approach to cloud, with almost every one storing personally identifiable information (PII) in the cloud.
CipherCloud surveyed employees of over 50 global banking and financial services firms from North America, Europe, Asia Pacific and Latin America, asking them about strategies used to protect personally identifiable information in the cloud. The results inform the company’s Q2 2015 Global Cloud Data Security Report.
While almost all companies surveyed store some PII in the cloud, which data and how it is stored varies. Highly sensitive data is only held in the cloud by 33 percent, while the cloud is used by 47 percent to process personal financial data and 53 percent to store confidential business data.
“As financial services adopt the cloud, strict compliance regulations and corporate policies push them to be early adopters of security technologies,” said Pravin Kothari, founder and CEO, CipherCloud. “At the same time, the influence of cloud has upped the ante for financial services firm CISOs and their teams. As these companies increase their cloud adoption, they are building data protection in the cloud with the help of innovative encryption and tokenization technologies. Both regulatory scrutiny and the pace of data breaches compel the increased protection of their sensitive information.”
Tokenization is used by 40 percent of firms for protecting highly sensitive PII, and the use of both tokens and strong encryption increases with the sensitivity of the data being protected. Encryption is favored over tokenization for less sensitive data, likely to ease frequent search and sort functions, the report says. Sixty-four percent use searchable encryption, balancing searchability and security strength to support workflows where data references or indexes other information. The report also stresses the importance of format preserving encryption for data like email addresses, which is the method used by 91 percent of respondents.
More than a billion records with PII were leaked in 2014, according to an IBM report.
A March report sponsored by CipherCloud showed that financial institutions were working towards cloud strategies, but less than 30 percent in the US had one in place. Evidence that financial institutions would spend to address cybersecurity in the wake of a series of bank hacks began to role in with a Temenos survey last September, and CipherCloud will offer its data protection and compliance solutions in a bid for a share of the growing market.