sb-au logo
Story image

Data is dispersed in the cloud beyond most enterprise control - McAfee

McAfee recently released a new research study titled Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report.

The results describe the broad distribution of data across devices and the cloud, highlighting critical gaps for enterprise security.

Key Findings:

  •  52% of companies use cloud services that have had user data stolen in a breach
     
  • One in four companies have had their sensitive data downloaded from the cloud to an unmanaged personal device, where they can’t see or control what happens to the data
     
  • Companies monitoring their cloud services with data loss prevention (DLP) see an average of 45,737 incidents each month, yet only 37 % have implemented DLP.
     

79% of companies surveyed store sensitive data in the public cloud. While these companies approve an average of 41 cloud services each, up 33% from last year, thousands of other services are used ad-hoc without vetting.

In addition, 52% of companies use cloud services that have had user data stolen in a breach.

By leaving significant gaps into the visibility of their data, organizations leave themselves open to loss of sensitive data and to regulatory non-compliance.

 Cloud services have replaced many business-critical applications formerly run as on-premises software, leading to a migration of sensitive data to the cloud.

Use of personal devices when accessing cloud services, the movement of data between cloud services, and the sprawl of high-risk cloud services drive new areas of risk for companies using the cloud.

For organizations to secure their data they need a thorough understanding of where their data is and how it is shared—especially with the rapid adoption of cloud services.

As part of this report, McAfee surveyed 1,000 enterprise organizations in 11 countries and investigated anonymized events from 30 million enterprise cloud users to gain a holistic view of modern data dispersion.

Also revealed in the report:

  • Shadow IT continues to expand enterprise risk: According to the study, 26% of files in the cloud contain sensitive data, an increase of 23% year-over-year.

    91% of cloud services do not encrypt data at rest; meaning data isn’t protected if the cloud provider is breached.

     
  • Personal devices are black holes: 79% of companies allow access to enterprise-approved cloud services from personal devices.

    One in four companies has had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they can’t see or control what happens to the data.

     
  •  Intercloud travel opens new paths to risk: Collaboration facilitates the transfer of data within and between cloud services, creating a new challenge for data protection.

    49% of files that enter a cloud service are eventually shared. One in 10 files that contain sensitive data and are shared in the cloud use a publicly accessible link to the file, an increase of 111% year-over-year.

     
  • A new era of data protection is on the horizon: 93% of CISOs understand it’s their responsibility to secure data in the cloud.

    However, 30% of companies lack the staff with skills to secure their software-as-a-service applications, up 33% from last year.


Both technology and training are outpaced by the rapid expansion of the cloud.

“The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk,” says McAfee senior vice president of cloud security Rajiv Gupta.

“Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”

Story image
Unbound seeks channel growth with new partner programme
Those who sign up will have access to Unbound’s security solutions, sales and partner enablement, deal registration and partner portal.More
Story image
Video: 10 Minute IT Jams - Who is LogRhythm?
LogRhythm VP of sales for Asia Pacific Simon Howe, who discusses the company's primary offerings and services, what products the company is focused on for the future, and the infrastructure it has in the A/NZ market.More
Story image
Google Cloud observes spike in DDoS volumes in last two years
Google Cloud has seen an ‘exponential’ rise in distributed denial of service (DDoS) attacks over the past decade, but the biggest attacks have only occurred in the past couple of years.More
Story image
Businesses left to make decisions based on old, inaccurate data, study finds
"It is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."More
Story image
Gartner reveals the top strategic tech trends for 2021
“CIOs are striving to adapt to changing conditions to compose the future business - this requires the organisational plasticity to form and reform dynamically. Gartner’s top strategic technology trends for 2021 enable that plasticity.”More
Story image
How cyber-attackers use Microsoft 365 tools to steal data
Vectra security research has recently identified how cyber-attackers use Microsoft Office 365 tools against organisations to steal data and take over accounts.More