Data in the cloud is more exposed than organisations think

Data stored in the cloud is not nearly as secure as companies think, new research from cybersecurity firm McAfee has found.

The company's latest Cloud Adoption and Risk Report analysed billions of events from customers production cloud use to better assess the current state of cloud deployments and risks.

It found nearly a quarter of the data stored in the cloud can be categorized as sensitive in that it could put organisations at risk if it is stolen or leaked. The amount of sensitive data stored in the cloud has also increased by 53 per cent year-over-year, highlighting the need for organisations to adopt a cloud strategy with data loss protection, configurable audits and collaboration controls.

The study also found that the average enterprise experiences more than 2,200 misconfiguration incidents each month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. 

Cloud service providers are only responsible for the security of the cloud itself and companies are responsible for securing their data. This is why businesses must deploy cloud security solutions that span the whole cloud spectrum from software-as-a-service (SaaS) to IaaS and PaaS.

Uncontrolled sharing

Cloud services have made it possible for employees to easily collaborate with one another and share documents with just a few clicks. However, uncontrolled sharing can expose sensitive data.

According to McAfee, 22 per cent of cloud users share files externally and sharing sensitive data with an open, publicly accessible link has increased by 23 per cent year-over-year. Sending sensitive data to a personal email address has also growing in popularity with an increase by 12 per cent year-over-year.

To prevent uncontrolled sharing from being the cause of data leaks, companies must first gain visibility of all their cloud services and then enforce appropriate security policies that limit sensitive data from being stored in unapproved cloud services.

Compromised accounts and insider threats

Compromised accounts and insider threats make up most of the threats to data in the cloud with 80 per cent of all organisations experiencing at least one compromised account threat per month. Additionally 92 per cent of all organisations have stole cloud credentials for sale on the Dark Web making them easy targets for hackers.

To protect themselves from these threats, businesses should take advantage of cloud access security brokers (CASB). These cloud-native services enforce security, compliance and governance policies for cloud services.

Senior Vice President of McAfee's Cloud Security Business, Rajiv Gupta provided further insight on the findings of the report, saying:

“Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud. Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS.” 

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.