McAfee has released a new research study titled Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report.
The study looked into the broad distribution of data across devices and the cloud, highlighting critical gaps for enterprise security.
According to the report, 79 percent of companies surveyed store sensitive data in the public cloud. While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach. By leaving significant gaps into the visibility of their data, organisations leave themselves open to loss of sensitive data and to regulatory non-compliance.
Cloud services have replaced many business-critical applications formerly run as on-premises software, leading to a migration of sensitive data to the cloud. Use of personal devices when accessing cloud services, the movement of data between cloud services, and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud. For organisations to secure their data they need a thorough understanding of where their data is and how it is shared—especially with the rapid adoption of cloud services. As part of this report, McAfee surveyed 1,000 enterprise organisations in 11 countries and investigated anonymised events from 30 million enterprise cloud users to gain a holistic view of modern data dispersion.
The McAfee report also found that shadow IT continues to expand enterprise risk. It showed that 26 percent of files in the cloud contain sensitive data, an increase of 23 percent year-over-year. Ninety-one percent of cloud services do not encrypt data at rest; meaning data isn’t protected if the cloud provider is breached.
When it comes to personal devices, the report revealed that 79 percent of companies allow access to enterprise-approved cloud services from personal devices. One in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they can’t see or control what happens to the data.
Intercloud travel opens new paths to risk, according to the study. Collaboration facilitates the transfer of data within and between cloud services, creating a new challenge for data protection. Forty-nine percent of files that enter a cloud service are eventually shared. One in 10 files that contain sensitive data and are shared in the cloud use a publicly accessible link to the file, an increase of 111 percent year-over-year.
McAfee remains optimistic as it predicts that a new era of data protection is on the horizon as it found that 93 percent of CISOs understand it’s their responsibility to secure data in the cloud. However, 30 percent of companies lack the staff with skills to secure their Software-as-a-Service applications, up 33 percent from last year. Both technology and training are outpaced by the rapid expansion of cloud.
“The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk,” said Rajiv Gupta, senior vice president, Cloud Security, McAfee. “Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”
For more information, along with recommendations on how organisations can break the paradigm of network-centric security, download the Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report.
