Far from being scared off by cloud security, financial firms are taking a “rapidly maturing approach,” with almost 100 percent of companies quizzed by CipherCloud, Inc. storing at least some personally identifiable information (PII) in the cloud. That’s according to the Q2 Global Cloud Security report from the enterprise security provider, which highlights emerging trends in the way organizations store their cloud-based data.

With more organizations getting hooked into the cloud, one of the main issues they face is data security compliance. As such, CipherCloud’s report is heavily focused on financial services organizations that host critical data in the cloud.

But these firms aren’t just hoping no one will try to steal their data. Instead, they’re aggresively employing a variety of encryption and tokenization tools to maintain data security in the cloud, CipherCloud said.

The risks of not doing so are well-known. As CipherCloud points out in its report, analysts estimate total cloud spending will reach $28 billion in 2018, and that makes cloud service providers a prime target for hackers.

“As financial services adopt the cloud, strict compliance regulations and corporate policies push them to be early adopters of security technologies,” said Pravin Kothari, CEO of CipherCloud. “As these companies increase their cloud adoption, they are building data protection in the cloud with the help of innovative encryption and tokenization technologies. Both regulatory scrutiny and the pace of data breaches compel the increased protection of their sensitive information.”

CipherCloud quizzed IT pros from more than 50 of the world’s top banking and financial firms for its report, including firms from North America, Europe, Asia Pacific and Latin America, asking them about the strategies they’re using to protect PII in the cloud.

While almost every financial firm stores some PII data in the cloud, they differ in which kind of data and how that data is stored. For example, only 33 percent of firms store “highly sensitive” data in the cloud, while 47 percent use the cloud to process personal finance data, and another 53 percent store confidential business data on cloud servers.

To protect said data, just over 40 percent of firms use tokenization, while the use of tokenization together with strong encryption increases when highly sensitive data is concerned. Interestingly, most firms favor encryption over tokenization for less sensitive data, most likely for ease of access. In total, some 64 percent of firms use searchable encryption, which tries to balance the need for searchability with security strength. CipherCloud’s report also notes the importance of format preserving encryption for data like customer’s email addresses, a method used by 91 percent of finance companies.

CipherCloud’s report shows that the financial services industry is a lot faster than most in embracing cloud computing. An earlier report from the company last march showed that while most U.S. organizations are in the midst of developing a cloud strategy, less than 30 percent actually have one in place.

Photo Credit: gramz via Compfight cc