Why your data in the cloud isn't as secure as you think

Data in the cloud may be more exposed to attacks and breaches than enterprises think, according to a new report from McAfee. The activity of sharing sensitive data in the cloud has increased 53% year-over-year, and nearly a quarter of all data in the cloud is sensitive, Tuesday’s Cloud Adoption and Risk Report found.

This sensitive data puts organizations at risk for damaging attacks if it is lost or stolen, a press release for the report said. All in all, 21% of all files in the cloud contain some form of sensitive data, and that number is up 17% from 2016.

The act of sharing sensitive data using an open, public link is up 23% from 2016, the release said. The release also noted that some 48% of all files in the cloud eventually get shared, and 22% of cloud users will share files externally–a number that increased 21% year-over-year

SEE: Cloud computing policy (Tech Pro Research)

Companies are moving at breakneck speeds to create new experiences in the cloud, but they are having issues with configurations. The average enterprise experiences 2,200 misconfiguration incidents per month in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) instances alone, the release said. As such, IT leaders must be paying more attention to cloud security.

“Cloud service providers only cover the security of the cloud itself, not customer data,” the release noted. “Companies using the cloud are in fact always responsible for securing their data stored in cloud services across both software-as-a-service (SaaS), IaaS and platform-as-a-service (PaaS). This highlights the need to deploy cloud security solutions that span the whole cloud spectrum, from SaaS to IaaS and PaaS.”

Part of the problem has to do with misunderstanding the number of services users. Most of the users surveyed believed they had about 30 unique cloud services in their environment, while the data puts that number closer to 2,000 in reality.

In terms of IaaS platforms, 84% of respondents were using Amazon Web Services (AWS), the release said. However, 78% of those using IaaS were also running Microsoft Azure alongside AWS. At any given time, organizations have an average of 14 misconfigured IaaS instances running, the release said. Monitoring all of these instances, regardless of the vendor, should be standard practice, McAfee noted in the release.

Threat events in the cloud are increasing, and 80% of all organizations are dealing with at least one compromised account threat per month, on average, the release noted. The cloud opens up a host of new business opportunities, but company leaders must seek to understand all of its implications, and how they can protect themselves, before diving all-in.

The big takeaways for tech leaders:

21% of all files in the cloud contain some form of sensitive data, and that number is up 17% from two years ago in 2016. — McAfee, 2018
Most leaders think their company has roughly 30 unique cloud services, but the real number is closer to 2,000. — McAfee, 2018

TechRepublic Premium editorial calendar: IT policies, checklists, toolkits and research for download

TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.

Payroll

The best human resources payroll software of 2023

With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.

A computer running Windows 11. — Image: Microsoft.

Software

Windows 11 update brings Bing Chat into the taskbar

Microsoft's latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.

A software engineer works from home. — Image: tanatat/Adobe Stock

CXO

Tech jobs: No rush back to the office for software developers as salaries reach $180,000

Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.

Project management process to manage and develop with resources to deliver quality product, agile development cycle, businessman project manager balance on clock juggling project management elements. — Image: Nuthawut/Adobe Stock

Software

The 10 best agile project management software for 2023

With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We've compiled a list of 10 tools you can use to take advantage of agile within your organization.

A user typing a password. — Image: Song_about_summer/Adobe Stock

Security

1Password is looking to a password-free future. Here’s why

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely.

PURPOSE This policy from TechRepublic Premium provides guidelines for reliable and secure backups of end user data. It outlines the responsibilities of IT departments and employees to identify tasks and action items for each group. The policy can be customized to fit the needs of your organization. From the policy: IT STAFF RESPONSIBILITIES IT staff ...

This policy from TechRepublic Premium provides guidelines for the appropriate use of electronic communications. It covers topics such as privacy, confidentiality and security; ensures electronic communications resources are used for appropriate purposes; informs employees regarding the applicability of laws and company policies to electronic communications; and prevents disruptions to and misuse of company electronic communications ...

PURPOSE Change is inevitable in any technological sector; it brings new features, functions and opportunities and helps businesses prosper through evolution. However, change can be detrimental to company operations if not executed properly through advanced notification of and approval by involved personnel. This change order form is designed to help you plan, implement and track ...

Why your data in the cloud isn’t as secure as you think