Skip to main content

Data in the cloud is more exposed than organisations think

Data stored in the cloud is not nearly as secure as companies think, new research from cybersecurity firm McAfee has found.

The company's latest Cloud Adoption and Risk Report analysed billions of events from customers production cloud use to better assess the current state of cloud deployments and risks.

It found nearly a quarter of the data stored in the cloud can be categorized as sensitive in that it could put organisations at risk if it is stolen or leaked. The amount of sensitive data stored in the cloud has also increased by 53 per cent year-over-year, highlighting the need for organisations to adopt a cloud strategy with data loss protection, configurable audits and collaboration controls.

The study also found that the average enterprise experiences more than 2,200 misconfiguration incidents each month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. 

Cloud service providers are only responsible for the security of the cloud itself and companies are responsible for securing their data. This is why businesses must deploy cloud security solutions that span the whole cloud spectrum from software-as-a-service (SaaS) to IaaS and PaaS.

Uncontrolled sharing

Cloud services have made it possible for employees to easily collaborate with one another and share documents with just a few clicks. However, uncontrolled sharing can expose sensitive data.

According to McAfee, 22 per cent of cloud users share files externally and sharing sensitive data with an open, publicly accessible link has increased by 23 per cent year-over-year. Sending sensitive data to a personal email address has also growing in popularity with an increase by 12 per cent year-over-year.

To prevent uncontrolled sharing from being the cause of data leaks, companies must first gain visibility of all their cloud services and then enforce appropriate security policies that limit sensitive data from being stored in unapproved cloud services.

Compromised accounts and insider threats

Compromised accounts and insider threats make up most of the threats to data in the cloud with 80 per cent of all organisations experiencing at least one compromised account threat per month. Additionally 92 per cent of all organisations have stole cloud credentials for sale on the Dark Web making them easy targets for hackers.

To protect themselves from these threats, businesses should take advantage of cloud access security brokers (CASB). These cloud-native services enforce security, compliance and governance policies for cloud services.

Senior Vice President of McAfee's Cloud Security Business, Rajiv Gupta provided further insight on the findings of the report, saying:

“Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud. Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS.” 

Anthony Spadafora

After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.