Tuesday, 30 October 2018

Data in the cloud is more exposed than organisations think

Data stored in the cloud is not nearly as secure as companies think according to new research from cybersecurity firm McAfee.

The company's recently released Cloud Adoption and Risk Report analysed billions of events from customers production cloud use to better assess the current state of cloud deployments and risks.

McAfee's report shed light on the fact that nearly a quarter of the data stored in the cloud can be categorized as sensitive which could put organisations at risk if it is stolen or leaked. The amount of sensitive data stored in the cloud has also increased by 53 per cent year-over-year, highlighted the need for organisations to adopt a cloud strategy with data loss protection, configurable audits and collaboration controls.

The study also found that the average enterprise experiences more than 2,200 misconfiguration incidents each month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. 

Cloud service providers are only responsible for the security of the cloud itself and companies are responsible for securing their data. This is why businesses must deploy cloud security solutions that span the whole cloud spectrum from sofware-as-a-service (SaaS) to IaaS and PaaS.

Cloud collaboration and uncontrolled sharing

Cloud services have made it possible for employees to easily collaborate with one another and share documents with just a few clicks. However, uncontrolled sharing can expose sensitive data.

According to McAfee, 22 per cent of cloud users share files externally and sharing sensitive data with an open, publicly accessible link has increased by 23 per cent year-over-year. Sending sensitive data to a personal email address has also growing in popularity with an increase by 12 per cent year-over-year.

To prevent uncontrolled sharing from being the cause of data leaks, companies must first gain visibility of all their cloud services and then enforce appropriate security policies that limit sensitive data from being stored in unapproved cloud services.

Compromised accounts and insider threats

Compromised accounts and insider threats make up most of the threats to data in the cloud with 80 per cent of all organisations experiencing at least one compromised account threat per month. Additionally 92 per cent of all organisations have stole cloud credentials for sale on the Dark Web making them easy targets for hackers.

To protect themselves from these threats, businesses should take advantage of cloud access security brokers (CASB). These cloud-native services enforce security, compliance and governance policies for cloud services.

Senior Vice President of McAfee's Cloud Security Business, Rajiv Gupta provided further insight on the findings of the report, saying:

“Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud. Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS.” 

https://ift.tt/2OgcOQ6

No comments:

Post a Comment