Companies today are turning to public cloud services like Dropbox, Microsoft Office 365, and Amazon Web Services (AWS) as well as cloud-based email to accelerate growth. According to a report by McAfee, the average organization now uses 1,935 cloud services. In fact, some organizations couldn’t function today without the cloud. With that said, however, a company should not just adopt the cloud blindly. As stated in the report, the cloud poses several security risks that firms must take into consideration before adopting the technology.
With more and more enterprise activity occurring on the cloud, more and more business-critical or sensitive data and workloads are migrating to it. 83% of organizations worldwide now store sensitive data in the cloud, while only 25% of this data is adequately protected with stringent and necessary measures. Sensitive data includes confidential information, email, password-protected data, personally identifiable information (PII), payment data, and personal health information (PHI). This is an attractive target for data breaches. The majority of threats to data consist mostly of compromised accounts and insider threats.
Related article: 4-Point checklist for cloud-based disaster recovery plan
In fact, 80% of organizations are going to experience at least one compromised account this month. But on average, organizations experienced 12.2 incidents where stolen account credentials were used to gain access to corporate data stored in the cloud service. It was also found that 92% have cloud credentials for sale on the dark web.
A solution that many of these businesses have yet to adopt is the use of multifactor authentication by employees at all levels. This will greatly reduce the risk from compromised accounts in cloud services. Non-implementation of solutions such as this highlights a greater problem, the lack of a culture of cybersecurity awareness.
These are people within an organization who have information concerning the organization’s security practices, data, and computer systems. Targeted attacks or attacks over long periods that are backed by expertise and sufficient resources many times begin with insider threats. On average, organizations experience 14.8 insider threat incidents every month.
A great number of insider threats are so-called privileged user threats or security risks from people who have unlimited permissions to systems (such as cloud services or industrial control systems), user endpoints (such as PCs and mobile devices), or data. About 58.2% of organizations experience privileged user threats such as an administrator accessing data in an executive’s account or security settings modified sufficiently but unintentionally to weaken security.
Related article: What Are the Security Implications of Cloud Computing?
Anyone with a link
Increased collaboration has been one of the key tenets of cloud services, but it is also one of the drivers of sensitive data loss. The reality is that 48% of all files in the cloud are eventually shared and 8% of all files shared contain sensitive data. Sharing inadvertently leads to an uncontrollable spread of data.
It happens in two ways, namely by sharing data to personal email addresses and by sharing data to “anyone with a link” to it. Sending data to a personal email address from the cloud removes it from any security oversight, while sharing data to anyone with an open link is like running a web hosting service accessed by unknown individuals and organizations.
Misconfigurations in cloud security (IaaS and PaaS)
Cloud services have been cost-effective alternatives to on-premise servers and data center infrastructure. Also known as infrastructure-as-a-service (IaaS) and platform-as-a -service (PaaS), they are also a source of security gaps or vulnerabilities that malicious actors can exploit. 65% of organizations around the world use some form of IaaS and 52% use PaaS. When checked, enterprises using IaaS and PaaS have an average of 14 misconfigured services running, leading to around 2,269 misconfiguration incidents in data loss or data theft per month.
Related article: Top 5 Cloud Mistakes Every Business Should Be Wary Of
The new basic
The risk of immediate and grand-scale data loss is growing. The trends in security risks mentioned stem from the already bewildering amount of data-related activity on the cloud, human error, and the newness of cloud services. It’s important to enhance security practices by taking into account those trends. Basic security for data has to evolve.
Spectrumwise has taken those risks into account and is putting that experience and expertise at the service of protecting your data whether on-premise or in the cloud. You can rest assured that your business will not only leverage the best of the cloud but will be secure against the risks. The cloud is where business is. Look for only the proper security measures in cloud adoption. Talk to us and learn more.