sb-au logo
Story image

Data dispersal growing risk for enterprises, report finds

Data is widely dispersed in the cloud with a significant amount beyond enterprise control, according to a new McAfee report.

McAfee, the device-to-cloud cybersecurity company, has released a new research study titled 'Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report'.

The results describe the broad distribution of data across devices and the cloud, highlighting critical gaps for enterprise security.

In fact, 79% of companies surveyed store sensitive data in the public cloud. While these companies approve an average of 41 cloud services each, up 33% from last year, thousands of other services are used ad-hoc without vetting, McAfee states.

In addition, 52% of companies use cloud services that have had user data stolen in a breach. By leaving significant gaps into the visibility of their data, organisations leave themselves open to loss of sensitive data and to regulatory non-compliance, according to the report.

Cloud services have replaced many business-critical applications formerly run as on-premises software, leading to a migration of sensitive data to the cloud.

Use of personal devices when accessing cloud services, the movement of data between cloud services, and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud.

For organisations to secure their data they need a thorough understanding of where their data is and how it is shared, especially with the rapid adoption of cloud services.

As part of this report, McAfee surveyed 1,000 enterprise organisations in 11 countries and investigated anonymised events from 30 million enterprise cloud users to gain a holistic view of modern data dispersion.

Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report also reveals the following:

Shadow IT continues to expand enterprise risk: According to the study, 26% of files in the cloud contain sensitive data, an increase of 23% year-over-year. Furthermore, 91% of cloud services do not encrypt data at rest; meaning data isn’t protected if the cloud provider is breached.

Personal devices are black holes: 79% of companies allow access to enterprise-approved cloud services from personal devices. One in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they can’t see or control what happens to the data.

Intercloud travel opens new paths to risk: Collaboration facilitates the transfer of data within and between cloud services, creating a new challenge for data protection. In fact, 49% of files that enter a cloud service are eventually shared. One in ten files that contain sensitive data and are shared in the cloud use a publicly accessible link to the file, an increase of 111% year-over-year.

A new era of data protection is on the horizon: 93% of CISOs understand it’s their responsibility to secure data in the cloud. However, 30% of companies lack the staff with skills to secure their Software-as-a-Service applications, up 33% from last year. Both technology and training are outpaced by the rapid expansion of cloud.

McAfee regional director MVISION Cloud Asia Pacific Joel Camissar says, “As organisations around Australia quickly move toward cloud environments, data is no longer tied to enterprise networks. The dispersion of data fragments visibility and control, hereby, opening doors to security vulnerabilities.

“While it is expected that cloud providers have measures in place to keep data secure, cloud security is a shared responsibility and organisations need to keep at top of mind that they have a role in the security paradigm.”

"Our research reveals over a quarter of organisations across the Asia Pacific lack staff with skills to secure their Software-as-a-Service even though 79% store sensitive data in the cloud. Organisations need to be more proactive in mitigating risks involved in adopting the cloud by realising the shared responsibility model and implementing internal security measures built in the cloud for the cloud,” says Camissar.

He says, “An in-depth understanding of where data goes, and how risks have evolved with the advancement of cloud infrastructure will help inform an appropriate cloud native security framework.”

Link image
COVID-19: The tools ensuring security for remote working
Cyber threats are multiplying during the pandemic, and remote workers are at a heightened risk of cyber attack. Here are the security solutions to defend against the wave of virus-related threats.More
Story image
Mentorship key to bringing women into cybersecurity - Microsoft
“Diverse teams make better and faster decisions 87% of the time compared with all male teams, yet the actual number of women in our field fluctuates between 10 and 20%. What ideas have we missed by not including more women?”More
Story image
How to defend cloud environments against insider threats
Let’s discuss the main types of insider threats facing businesses today and explain how to mitigate their risks through various technologies.More
Story image
80% of cyber threat landscape uses COVID-19 as leverage - report
A report released recently by Proofpoint reveals the extent to which cyber attackers are capitalising on fear and paranoia surrounding the pandemic, with instances of coronavirus-themed attacks increasing every day.More
Story image
Remote workers need to improve security measures amidst COVID-19
Technological support and security measures are amongst ways organisations and their employees can protect their business as they move to remote working during the COVID-19 pandemic. More
Story image
Guardicore Labs exposes brute force MS-SQL attack campaign
The cyber attack campaign uses password brute force to breach victim machines, deploys multiple backdoors and executes numerous malicious modules, such as multifunctional remote access tools (RATs) and cryptominers. More