Data in the cloud may be more exposed to attacks and breaches than enterprises think, according to a new report from McAfee. The activity of sharing sensitive data in the cloud has increased 53% year-over-year, and nearly a quarter of all data in the cloud is sensitive, Tuesday’s Cloud Adoption and Risk Report found. This sensitive data puts organizations at risk for damaging attacks if it is lost or stolen, a press release for the report said. All in all, 21% of all files in the cloud contain some form of sensitive data, and that number is up 17% from 2016.
The act of sharing sensitive data using an open, public link is up 23% from 2016, the release said. The release also noted that some 48% of all files in the cloud eventually get shared, and 22% of cloud users will share files externally—a number that increased 21% year-over-year
Companies are moving at breakneck speeds to create new experiences in the cloud, but they are having issues with configurations. The average enterprise experiences 2,200 misconfiguration incidents per month in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) instances alone, the release said. As such, IT leaders must be paying more attention to cloud security.
Cloud service providers only cover the security of the cloud itself, not customer data, the release noted. Companies using the cloud are in fact always responsible for securing their data stored in cloud services across both software-as-a-service (SaaS), IaaS and platform-as-a-service (PaaS). This highlights the need to deploy cloud security solutions that span the whole cloud spectrum, from SaaS to IaaS and PaaS. Part of the problem has to do with misunderstanding the number of services users. Most of the users surveyed believed they had about 30 unique cloud services in their environment, while the data puts that number closer to 2,000 in reality.
In terms of IaaS platforms, 84% of respondents were using Amazon Web Services (AWS), the release said. However, 78% of those using IaaS were also running Microsoft Azure alongside AWS. At any given time, organizations have an average of 14 misconfigured IaaS instances running, the release said. Monitoring all of these instances, regardless of the vendor, should be standard practice, McAfee noted in the release.
Threat events in the cloud are increasing, and 80% of all organizations are dealing with at least one compromised account threat per month, on average, the release noted. The cloud opens up a host of new business opportunities, but company leaders must seek to understand all of its implications, and how they can protect themselves, before diving all-in.