Cloud data is spread across various platforms, often outside the reach of enterprise management: Research Findings
In a recent study, McAfee's Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report, has highlighted numerous concerns regarding the security of data in the cloud. The report, based on a survey of 1,000 enterprise organisations across 11 countries, investigates anonymised events from 30 million enterprise cloud users.
The findings suggest that the use of cloud services is associated with a variety of new risks. For instance, 52% of companies have experienced user data breaches in cloud services, and 49% of files that enter a cloud service are eventually shared. One in 10 files containing sensitive data shared in the cloud use a publicly accessible link to the file, an increase of 111% year-over-year.
Moreover, the report points out that the use of personal devices, the movement of data between cloud services, and the proliferation of high-risk cloud services create additional areas of risk. It is concerning that 79% of companies allow access to enterprise-approved cloud services from personal devices, and thousands of other cloud services are used ad-hoc without proper vetting.
Collaboration within and between cloud services also creates a new challenge for data protection, as it facilitates the transfer of data. According to the study, 26% of files in the cloud contain sensitive data, an increase of 23% year-over-year.
The report also reveals that 93% of CISOs understand it's their responsibility to secure data in the cloud. However, 30% of companies lack the staff with the necessary skills to secure their Software-as-a-Service applications, an increase of 33% from last year.
Rajiv Gupta, senior vice president, Cloud Security, McAfee, stressed the need for a data-centric security approach in today's cloud-first environment. He also noted that both technology and training are often outpaced by the rapid expansion of cloud usage.
The report offers recommendations on how organisations can break the paradigm of network-centric security and better secure their data in the cloud. It is clear that as cloud services continue to replace many business-critical applications formerly run as on-premises software, addressing these concerns will become increasingly important.
