Thousands of data loss incidents occur monthly in the cloud, heightening the risk of sensitive data loss or regulatory non-compliance.
A new research study of the broad distribution of data across devices and the cloud has highlighted critical gaps in enterprise security.
The study, “Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report” by McAfee, revealed three key findings:
- 52% of companies use cloud services that have had user data stolen in a breach
- One in four companies have had their sensitive data downloaded from the cloud to an unmanaged personal device, where they cannot see or control what happens to the data
- Companies monitoring their cloud services with Data Loss Prevention (DLP) see an average of 45,737 incidents each month, yet only 37% have implemented DLP
More survey findings
Cloud services have replaced many business-critical applications formerly run as on-premises software, leading to a migration of sensitive data to the cloud. Use of personal devices when accessing cloud services, the movement of data between cloud services, and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud.
To secure their data, organizations need a thorough understanding of where their data is and how it is shared, especially with the rapid adoption of cloud services.
As part of their report, McAfee surveyed 1,000 enterprise organizations in 11 countries and investigated anonymized events from 30 million enterprise cloud users to gain a holistic view of modern data dispersion.
Some of the key qualitative findings include:
- Shadow IT continues to expand enterprise risk
According to the study, 26% of files in the cloud contain sensitive data, an increase of 23% year-over-year. Ninety-one percent of cloud services do not encrypt data at rest, meaning data is not protected if the cloud provider is breached.
- Personal devices are black holes
Seventy-nine percent of companies allow access to enterprise-approved cloud services from personal devices. One in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they cannot see or control what happens to the data.
- Intercloud travel opens new paths to risk
Collaboration facilitates the transfer of data within and between cloud services, creating a new challenge for data protection. Forty-nine percent of files that enter a cloud service are eventually shared. One in 10 files that contains sensitive data and is shared in the cloud uses a publicly accessible link to the file, an increase of 111% year-over-year.
- A new era of data protection is on the horizon
Ninety-three percent of CISOs understand it is their responsibility to secure data in the cloud. However, 30% of companies lack the staff with skills to secure their Software-as-a-Service applications, up 33% from last year. Both technology and training are outpaced by the rapid expansion of cloud.
Said Rajiv Gupta, senior vice president, Cloud Security, McAfee: “The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk. Yesterday’s network-centric protection is not sufficient for today’s cloud-first needs.” He asserts that this is an opportunity for a new paradigm of security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud.