McAfee: Widely Dispersed Data in the Cloud Poses Enterprise Risk
January 28, 2020
released a new research study titled Enterprise Supernova: The Data
Dispersion Cloud Adoption and Risk Report. The results describe the
broad distribution of data across devices and the cloud, highlighting
critical gaps for enterprise security. Seventy-nine percent of companies
surveyed store sensitive data in the public cloud. While these companies
approve an average of 41 cloud services each, up 33 percent from last
year, thousands of other services are used ad-hoc without vetting. In
addition, 52 percent of companies use cloud services that have had user
data stolen in a breach. By leaving significant gaps into the visibility
of their data, organizations leave themselves open to loss of sensitive
data and to regulatory non-compliance.
Personal devices are black holes: Seventy-nine percent of companies allow access to enterprise-approved cloud services from personal devices. One in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they can’t see or control what happens to the data.
Intercloud travel opens new paths to risk: Collaboration facilitates the transfer of data within and between cloud services, creating a new challenge for data protection. Forty-nine percent of files that enter a cloud service are eventually shared. One in 10 files that contain sensitive data and are shared in the cloud use a publicly accessible link to the file, an increase of 111 percent year-over-year.
A new era of data protection is on the horizon: Ninety-three percent of CISOs understand it’s their responsibility to secure data in the cloud. However, 30 percent of companies lack the staff with skills to secure their Software-as-a-Service applications, up 33 percent from last year. Both technology and training are outpaced by the rapid expansion of cloud.
“The force of the cloud is
unstoppable, and the dispersion of data creates new opportunities for
both growth and risk,” said Rajiv Gupta, senior vice president, Cloud
Security, McAfee. “Security that is data-centric, creating a spectrum of
controls from the device, through the web, into the cloud, and within
the cloud provides the opportunity to break the paradigm of yesterday’s
network-centric protection that is not sufficient for today’s