Kaspersky Lab says nearly half of cloud-using businesses don't know whether their data is local or in the cloud, creating a ticking cybersecurity bomb.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 42% of cloud-utilizing enterprises lack a clear understanding of where their data lives, which in turn means they don't know if it's secure. -Kaspersky Lab, 2017
- Nearly half of enterprise and SMBs have suffered data theft from a third-party cloud host, and most don't realize that those providers aren't responsible for data theft. -Kaspersky Lab, 2017
A new report from Kaspersky Lab is calling attention to a growing problem that it calls the "cloud zoo:" A morass of data that businesses simply can't wrap their IT departments around.
Without clarity as to the location and status of their data, or control over its existence, companies are increasingly facing a cybersecurity landscape they can't be sure of. Some 42% of the enterprise, and 36% of SMBs, said don't know where their data lives, and thus have no knowledge of its integrity or security.
With 78% of businesses using at least one cloud solution, the cloud zoo is a growing concern. As adoption of online digital solutions climbs toward near 100%, companies need to be acutely aware of every bit of their data.
Who is responsible for the security of the cloud?
Kaspersky points out that the growth of the cloud has led to a blurring of who is responsible for data security: Businesses think it's their cloud providers, but contracts often specifically state otherwise.
"Service level agreements usually state that the service provider only covers 'service availability' and 'security of the cloud infrastructure,'" Kaspersky said in the report. "This means that ransomware or DDoS attacks which affect data within the cloud, for example, are the responsibility of the customer."
SEE: Everything as a Service: Why companies are making the switch to SaaS, IaaS, PaaS, and more (Tech Pro Research)
Some 41% of enterprises, and 46% of SMBs, have had customer data and employee information stolen due to a third-party cloud storage breach—and if those businesses have entered into an agreement similar to that mentioned above, they don't have anyone to hold accountable.
Seven out of 10 SaaS- and cloud-using businesses have no plan in place to deal with a security incident like the aforementioned, the report said. A quarter of these firms even say they haven't bothered to check the compliance credentials of their cloud partners.
Training the zookeepers
The business cloud definitely looks like a zoo if Kaspersky's numbers are accurate. But that doesn't mean that the situation can't be tamed.
Kaspersky gives several suggestions for getting a handle on cloud security as it continues to become more and more essential to business:
- Know what files are living where by implementing a cloud ecosystem visibility plan. Have a clear map of all the services you use, who is responsible for each, what they contain, and what their purpose is.
- Each part of the cloud systems you use, whether hybrid, hosted, or public, should have security measures in place that treat it just like local file storage.
- Have a security plan in place for the eventual breach of a vendor. It's not a matter of if it will happen—it's a matter of when.
- Implement a solid access control policy, and know who has the ability to use what cloud services.
- If possible, put cloud services behind a single sign on or password management platform. Users should only be able to gain access if they've already certified their identity with that service.
Be sure to check out Kaspersky Lab's full Cloud Zoo report for more details (linked at the beginning of this article).
- Special report: The cloud v. data center decision (free PDF) (TechRepublic)
- Cloud computing security: This is where you'll be spending the money (ZDNet)
- Hybrid cloud: The smart person's guide (TechRepublic)
- The paradox of cloud data: it saves money, but can be costly, too (ZDNet)
- Top 5: Things to know about cloud security (TechRepublic)