Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust

  /     /     /  
Publicated : 22/11/2024   Category : security


Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust


Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.



RSA CONFERENCE 2018 – San Francisco – Businesses relying on public cloud storage arent entirely sure their data will be safe there, researchers at McAfee report. Eighty-three percent of companies surveyed store sensitive data in the public cloud, but only 69% trust the cloud will keep their information secure.
Results of the survey, which polled 1,400 IT professionals on cloud adoption and security, showed 97% of respondents are using some type of cloud service but continue to navigate issues around visibility and control. Some are moving to the cloud slowly, held back by poor visibility; others are moving ahead despite the risk of security issues.
Personal customer information is the most common form of cloud-based sensitive data, 61% of organizations report. About 40% use the cloud to store at least one of the following data types: internal documentation, payment card data, personal staff information or government identification. About 30% keep intellectual property, healthcare records, competitive intelligence, and network pass cards in the public cloud.
Survey results show once its in the cloud, this information is at risk. One in four organizations using infrastructure-as-a-service (IaaS) or software-as-a-service (SaaS) has had their data stolen. One in five has been hit with an advanced attack against their public cloud infrastructure.
McAfee researchers discovered an overall decline in the cloud-first mentality, with only 65% of respondents reporting a cloud-first strategy compared with 82% one year ago. This drop can be attributed to two factors, says Vittorio Viarengo, vice president of marketing for McAfees Cloud Business Unit. The first is a growing awareness of the responsibility that comes with storing data in the public cloud.
Customers are realizing theyre still on the hook to provide security for some of the things that happen in the cloud, he explains. Theyre learning, for example, service providers dont ensure their logins are properly set up, or the security risks of remote employees using cloud services. Theyre learning what theyre responsible for when they use IaaS platforms versus SaaS.
The second is an acceptance that they dont immediately need to move everything to the public cloud, an option especially appealing to institutions like the government, which is one of many industries thats still skeptical of the cloud, says Viarengo.
They are realizing the hybrid cloud and private cloud theyve been building for years, are going to be around for a long time, he says. If an organization has invested twenty years in on-prem processes, it might be easier to keep running them on-prem than move them into the cloud.
The combination of public and private cloud is the most common architecture, with 59% of
respondents
stating they use hybrid cloud. The larger the business, the more likely it is to go hybrid: in organizations with up to 1,000 employees, 54% relied on hybrid cloud; in enterprises with more than 5,000 employees, 65% use it.
As the cloud becomes more popular, security teams should be looking outside their organizations perimeter and rethinking their security models. Tasks IT used to do will be replaced as cloud continues to grow and businesses lose control over the networks, devices, and applications storing their data. Cloud-focused IT teams dont have the same visibility as they did with on-prem environments.
User preference is in the cloud, Viarengo points out. And in the cloud, you dont own anything but youre still on the hook for security … [organizations] need to ascertain visibility and control over enterprise data when they dont own the back end.
Companies leading the charge in cloud adoption are most concerned about visibility, which lets them adopt cloud sooner, and improved controls. Those who prioritize visibility are more likely to have a relaxed approach to shadow IT, researchers found. They view it not as something to shut down, but instead a sign of how the workplace will operate in the future.
Viarengo emphasizes three steps for companies to take when moving data and processes to the cloud. The first of these is to classify information. As data is uploaded or created in the cloud, you need a mechanism to know whats inside it, he says, noting that the cloud holds credit card information, corporate secrets, patent data, or healthcare data, youll need to know how to secure it.
Next up: define the policy, and whats acceptable and unacceptable as far as your company is concerned. Is it ok to share data that has confidential information? If so, with whom can that information be shared? Can people access confidential data from their personal devices?
His third recommendation is to track everything that goes on. Know which users can access which applications, and from which locations and devices they access them. Youll be able to establish patterns for each user and, when something happens, you can go back and conduct forensics on the information you collected. If someone normally accesses data from Palo Alto, and ten minutes later they access the same data from China, its a red flag.
Related Content:
7 Steps to a Smooth, Secure Cloud Transition
On-Premise Security Tools Struggle to Survive in the Cloud
Serverless Architectures: A Paradigm Shift in Application Security
Misconfigured Clouds Compromise 424% More Records in 2017
Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the
security track here
. Register with Promo Code DR200 and save $200.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust