As Cloud Adoption Grows, DLP Remains Key Challenge

As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.

The cloud is no longer a mystery to todays companies, which capitalize on its benefits to fuel growth, but securing cloud-based data, applications, and infrastructure remains a challenge.
As part of its most recent Cloud Adoption and Risk Report, researchers with McAfee polled 1,000 enterprise organizations around the world and combined their data with insight from billions of anonymized cloud events across their customer base. Most cloud adopters (87%) report business acceleration, and 52% claim to experience better security. A closer look at the numbers, however, reveals a need to better control information and applications in the cloud.
Only 26% of respondents say they can audit infrastructure-as-a-service (IaaS) configurations such as open access to storage buckets. One-third say they can control application collaboration settings. Slightly more (36%) can enforce data loss prevention (DLP) in the cloud. More than 35% of businesses with a cloud access security broker (CASB) are more likely to be able to launch new products and speed time to market — but only one-third of respondents use them.
Its a matter of maturity, says Vittorio Viarengo, vice president of product for McAfees cloud unit. Two years ago, security was the main obstacle to cloud adoption as companies hesitated to share data with providers. Now, with providers buckling down on security and business decisions accelerating the transition to the cloud, theyve grown accustomed to the switch but fail to realize cloud providers dont cover all security. In some ways, theyre still responsible.
As researchers point out in the report, the one element of security that cloud providers cant cover for their customers is how their services are actually used, specifically the data that is stored in those services, shared externally, and accessed from myriad devices and locations. For example, say confidential data is stored in an Office 365 file shared with a customer, Viarengo explains. Of course, Microsoft isnt going to be responsible for that … thats user behavior.
Its worth noting only 40% of respondents can control access to cloud data for personal devices, meaning 60% have no knowledge of how employees are putting sensitive files on their phones or laptops and taking it out of the organization. Thirty percent enforce the same DLP policies across employee devices, the corporate network, and the cloud, researchers
discovered
.
The shared responsibility model dictates how businesses are responsible for data. Businesses need to know what data needs to be protected, where it goes, and who can access it based on internal policies and compliance requirements. First, they have to know where data resides.
Sensitive Data: Emerging from Shadow IT
One-third of respondents say they can discover and remediate shadow IT, but Viarengo points out that companies have taken steps to address this problem and officially sanction cloud apps and services. Researchers report only 10% of sensitive company data resides in unsanctioned applications, and the overall risk of sensitive data exposure via shadow IT has diminished.
So, where is sensitive data stored? Sixty-five percent is stored in collaboration and business apps, including Office 365, which holds 31% of sensitive enterprise data. Salesforce holds 16%, and Box and Dropbox together hold 7%. Overall, 25% of sensitive corporate data lives in IaaS platforms, including Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform.
When protecting data in the cloud, researchers recommend starting with apps that hold the majority of sensitive information and working your way down. Whether the business already uses those apps or is planning to launch them, the approach can help maximize risk mitigation.
Related Content:
How to Build a Cloud Security Model
The Life-Changing Magic of Tidying Up the Cloud
Cloud Security Spend Set to Reach $12.6B by 2023
Security Pros Agree: Cloud Adoption Outpaces Security

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
As Cloud Adoption Grows, DLP Remains Key Challenge