Cloud services are very tempting for businesses and with the amount of corporate data entering the cloud each day; security seems to have taken a back seat. A recent report put together by the Ponemon Institute after surveying 3,000 IT and IT security practitioners across eight countries revealed that almost half (48%) of corporate data is on cloud, but only 32% of businesses have a security-first approach to data storage via cloud services.

Multi-cloud is currently dominating the space with 48% of respondents using the solution. Unsurprisingly, Microsoft Azure, AWS, and IBM were the most popular vendors among respondents and 28% of the respondents said that they were using at least four cloud providers.

Larry Ponemon, Chairman and Founder at Ponemon Institute said that “With businesses increasingly looking to use multiple cloud platforms and providers, it’s vital that they understand what data is being stored and where. Not knowing this information makes it essentially impossible to protect the most sensitive data – ultimately leaving these organizations at risk.”

It is not just a question of how secure data on multi-cloud services is in the first place but there is also the additional problem of who is takes responsibility if something goes wrong and data is compromised?

When respondents were asked who bore the responsibility when it comes to sensitive data in the cloud, there was no real consensus. Around 35% thought the provider bears responsibility, 31% said that it was the responsibility of organizations, and 33% said that it was a shared responsibility. This split response indicates that there is no clear, set-in-stone structure, when it comes to cleaning up the mess.

In most cases, shared responsibility seems to be the norm, where the provider handles the infrastructure and the vendor is responsible for the application. Oracle, however, plans to replace the shared responsibility system with an “autonomous next-generation cloud” that is free of human error.

The survey findings show that 54% of respondents believe that cloud storage makes it difficult to protect sensitive data, and 67% of them believe that conventional security methods are difficult to apply when it comes to cloud-based data.

The study clearly illustrates a lack of structure when it comes to data security on the cloud. Decision makers need to seriously consider the inherent safety concerns of using cloud services before using the services. And if you are considering the multi-cloud approach—a safety first approach is not an option.