Businesses run on data, yet security and risk management professionals are left with a patchwork of controls at the device, network, and cloud level, according to a survey on ‘data dispersion’ and adoption of the cloud as storage.
Some enterprises are leaving themselves open to loss of sensitive data and to regulatory non-compliance, due to broad distribution of data across devices and the cloud – including cloud services used ad hoc and without checks, it is claimed.
About half, 52 percent of companies use cloud services that have had user data stolen in a breach, according to a survey. By leaving gaps into the visibility of their data, organisations leave themselves open to loss of sensitive data and to regulatory non-compliance, it’s claimed by a cyber product firm.
Cloud services have replaced many business-critical applications formerly run as on-premises software, leading to a migration of sensitive data to the cloud. Use of personal devices when accessing cloud services, the movement of data between cloud services, and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud. For organisations to secure their data they need a thorough understanding of where their data is and how it is shared—especially with the rapid adoption of cloud services, says McAfee. The company surveyed 1,000 enterprises in 11 countries and looked at anonymised events from 30 million enterprise cloud users.
Rajiv Gupta, senior vice president, Cloud Security, McAfee said: “The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk. Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”
Most, 79 per cent of companies allow access to enterprise-approved cloud services from personal devices. One in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, beyond corporate control, the cyber company points out.
Naerly all, 93 per cent of CISOs understand it’s their responsibility to secure data in the cloud. However, some 30 percent of companies lack the staff with skills to secure their Software-as-a-Service (SaaS) applications, up 33 percent from last year. Both technology and training are outpaced by the rapid expansion of cloud, McAfee suggests.
Nigel Hawthorn, EMEA Marketing Director, Cloud Business Unit at McAfee spoke of cloud security requiring a layered defence, and from service providers to enterprises and individual users, everyone is accountable. He likened it to a family renting a car. “The manufacturer is responsible for the build quality and the airbags working, the rental company takes ownership of servicing and keeping the car roadworthy, while the driver is ultimately responsible for driving the car safely and carefully. Everyone has a shared responsibility and a part to play.”
