IDG study “Cloud Security 2021”: Data classification in the cloud
More than half of German companies carry out data classification before cloud migration. This is the conclusion of the “Cloud Security 2021” study recently published by IDG Research together with uniscon, TÜV SÜD and other partners.
One third of companies plan to categorize their data
For the study, 383 qualified interviews were conducted with C-level IT decision-makers and IT specialists from companies in the DACH region (Germany, Austria, and Switzerland). According to the study, 53.4% of respondents answered the question “Does your company categorize what type of data or documents may be processed with which cloud services?” with a clear “YES”.
Only 11.3% do not categorize and do not plan to do so, while 5.9% are unsure. Moreover, 29.4% of decision makers say that they are at least planning a data classification. However, this hesitant decision-making behavior harbors major risks. Because at the latest when business-critical data ends up in the wrong hands due to a postponed classification, those responsible become aware of the weight of their omissions. A data leak, such as personal data, could quickly result in high GDPR fines, warns uniscon CEO Karl Altmann. For this reason, he urges all IT managers to consider subdividing their data stock according to its criticality before migrating to the cloud.
Data classification: What criteria are used?
The companies were also asked what criteria they use to categorize data before it migrates to the cloud. 69.7% pay particular attention to the intended use of the data: Is it intended only for internal use or should partners, and customers also have access? The type of data is almost as important. This plays a decisive role for 67.7%. A distinction is made here, for example, between personal and business-critical data.
Over a third (34.3%) of the respondents make a distinction depending on the location of the cloud provider. This makes sense and should always be considered before a cloud migration. It makes a huge difference whether the provider’s servers are located in the EU or in the USA, for example, since under the US CLOUD Act, US providers may be obliged to hand over customer data to the authorities.
32.8% of decision-makers also state that they classify data according to the type of cloud service used: Is it a public cloud, private cloud, business cloud, etc.?
Company size and IT budget are decisive
Company size also plays an important role when it comes to data classification. For example, 61% of companies with 1,000 employees or more say they categorize data before cloud migration. For smaller companies with fewer than 500 employees, it drops to only 44%.
The IT budget is also important. For companies spending at least ten million euros a year on IT, 64% categorize their data. According to Karl Altmann, this is too short-sighted: “Small companies have data that is just as worthy of protection as large ones. Unfortunately, savings are still too often made in the wrong place.”
Confidential computing: data protection for data of all categories
No matter what criteria you use to categorize your data: Cloud services like idgard® ensure a uniquely high level of security in the cloud thanks to Confidential computing—also known as Zero-Trust Computing. Sealed data processing and encryption of data during transmission and storage make idgard® so secure that even strictly regulated industries such as lawyers, financial advisors and government agencies venture into the cloud with their sensitive business and customer data.
Interested? Then try Confidential Computing for yourself and try our business cloud service idgard® now for 14 days for free! Signing up only takes a minute and you don’t even have to provide payment information! Secure and simplify your board communication and data exchange with partners, customers, and colleagues. Choose your trial package now.