On average, an organization experiences over 2,200 misconfigured incidents every month in their public cloud instances, according to a report by McAfee. These cloud instances include infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS).
For the report, titled Cloud Adoption and Risk Report, McAfee analyzed billions of events in anonymized cloud production use to find the current state of cloud deployments and expose risks.
“Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud,” said Rajiv Gupta, senior vice president of the Cloud Security Business, McAfee.
“Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS.”
Key findings of McAfee’s Cloud Adoption and Risk Report:
21% of data in cloud is sensitive
According to the report, organizations consider around a quarter of their data in the cloud as sensitive. This shows that putting sensitive data in cloud has increased by 53% year over year. Organizations are at risk of the sensitive data being stolen or leaked in case a misconfigured cloud incident occurs.
Today, more and more organizations are using public cloud for providing new digital experiences to their customers. But the organizations that haven’t adopted a cloud strategy are at risk of losing their most valuable asset. A right cloud strategy can include data loss protection, configuration audits, and collaboration controls.
Further, organizations without cloud strategy are also exposing themselves to risk of noncompliance with internal and external regulations.
20% of sensitive data in cloud runs through email services
No doubt, the cloud services help organizations accelerate their business by making the more agile with resources, offering ability to scale and opportunities for collaboration.
Cloud services like Office 365 increase the effectiveness of collaboration, that involves sharing. However, uncontrolled sharing can result in data exposure. The report found that 22% of cloud users share files externally, an increase of 21% YoY.
Sharing of sensitive data with an open, publicly accessible link has increased by 23%, whereas, sensitive data sent to personal email address has increased by 12% YoY.
Top collaboration and file sharing services
For last five years, an Office 365 application is dominating the list of top 10 collaboration services, followed by G Suite services.
Enterprises using IaaS and PaaS had 14 misconfigured services running at any given time
Currently, 65% organizations globally are using some form of IaaS, while 52% are using PaaS.
Since, it is costly to buy and maintain servers, organizations go for IaaS and PaaS. It gives IT teams the ability to spin up virtual machines, containers or functions as a service, as per the need.
For IaaS and PaaS, organizations are trusting Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) the most. AWS clearly leads the pack with 94% of all IaaS usage share. Azure and GCP account for 3.7% and 1.3% shares respectively.
Additionally, 78% of organizations are using a multi-cloud strategy, leveraging both AWS and Azure together.
McAfee study found that on average, enterprises using IaaS and PaaS had 14 misconfigured services running at any given time, resulting in an average of 2,269 misconfiguration incidents per month.
80% organizations experience at least 1 compromised account threat per month
As per the report, most of the threats to data in cloud results from compromised accounts and insider threats. On average, an organization generates over 3.2 billion threat events per month in the cloud. These threat events include compromised account, privileged user, insider threat etc. Such events have increased by 27.7% YoY.
80% of all organizations report that they experienced at least one compromised account threat per month. Whereas, 92% of organizations has stolen cloud credentials for sale on the Dark Web.
For security of sensitive data in cloud storage, file-sharing and collaboration applications, enterprises will need to first understand the cloud services they are using. Further, they must identify which services hold sensitive data, and how that data is being shared and with whom.
When they know these things, they can push suitable security policies to prevent highly sensitive data from being stored in unapproved cloud services. They also need to continuously audit and monitor their IaaS and PaaS configurations.
Download the full Cloud Adoption & Risk Report here.