A new report by McAfee revealed that thousands of data loss incidents occur every month in the cloud, leaving most at risk of sensitive data loss or regulatory non compliance.
In its “Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report”, McAfee surveyed 1,000 enterprise organisations in 11 countries and investigated anonymised events from 30 million enterprise cloud users to gain a holistic view of modern data dispersion.
Of the companies surveyed, 79% of them store sensitive data in the public cloud. Whilst these companies approve an average of 41 cloud services each, up 33% from last year, thousands of other services are used ad-hoc without vetting.
Additionally, over half of the companies (52%) use cloud services that have had user data stolen in a breach.
“The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk,” said Rajiv Gupta, senior vice president, Cloud Security, McAfee. “Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”
The report also found that shadow IT continues to expand enterprise network, with 26% of files in the cloud containing sensitive data, to which 91% of cloud services do not encrypt data at rest; meaning data isn’t protected if the cloud provider is breached.
In addition, the report revealed that 79% of companies allow access to enterprise-approved cloud services from personal devices. Furthermore, a quarter of companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they can’t see or control what happens to the data.
Fortunately, a new era of data protection is on the horizon, with 93% of CISOs understanding that it’s their responsibility to secure data in the cloud. However, just under a third of companies (30%) lack the staff with skills to secure their Software-as-a-Service applications, an increase of 33% from last year.
Nigel Hawthorn, EMEA Marketing Director, Cloud Business Unit at McAfee commented:
“The move towards ‘cloud only’ is gathering pace, but it is crucial that organisations recognise their role within the shared responsibility model of security. Cloud security requires a layered defence, and from service providers to enterprises and individual users, everyone is accountable in some way.
“A good way to illustrate this is to think about a family renting a car. The manufacturer is responsible for the build quality and the airbags working, the rental company takes ownership of servicing and keeping the car roadworthy, while the driver is ultimately responsible for driving the car safely and carefully. Everyone has a shared responsibility and a part to play.
“When managed correctly, cloud is the most secure place to do business and an incredible driver of business growth and innovation. Collaboration, strong data governance and regular training are the keys to making this a reality.”
The post #Privacy: Data is widely dispersed in the cloud beyond most enterprise control appeared first on PrivSec Report.