Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Bangkok Post
Bangkok Post
Technology

How safe is the cloud?

Nearly a quarter of all data stored online is now categorised as sensitive, putting more organisations of all sizes at risk if it is stolen or leaked, the cybersecurity company McAfee has warned.

Even more significantly, sharing of sensitive data in the cloud has increased 53% year-on-year, McAfee reports in its 2018 Cloud Adoption and Risk Report, based on an analysis of billions of events.

"Those who do not adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls, will endanger the security of their most valuable asset -- data -- while exposing themselves to increased risk of noncompliance with internal and external regulations," the report said.

The study found that while organisations use the public cloud to create new digital experiences for their customers, the average enterprise experiences some 2,200 misconfiguration incidents per month in their infrastructure and platform as-a-service (IaaS and PaaS) activities.

Cloud service providers only cover the security of the cloud itself, not customer data or customer use of their infrastructure and platforms.

"Operating in the cloud has become the new normal for organisations, so much so that employees do not think twice about storing and sharing sensitive data in the cloud," said Rajiv Gupta, senior vice-president of the cloud security business at McAfee.

BLESSING AND A CURSE

Cloud services offer a momentous opportunity through their ability to quickly scale, allowing businesses to be agile with resources and provide new opportunities for collaboration. Cloud services such as Box and productivity suites such as Office 365 are used to increase the flexibility and effectiveness of collaboration.

However, collaboration means sharing, and uncontrolled sharing can expose sensitive data. McAfee said its findings demonstrated:

  • 22% of cloud users share files externally, up 21% in the past year.
  • Sharing sensitive data with an open, publicly accessible link has increased by 23%.
  • Sensitive data sent to a personal email address increased by 12%.

To secure sensitive data in cloud storage, file-sharing and collaboration applications, organisations must first understand which cloud services are in use and holding their sensitive data, and how that data is being shared and with whom.

Once organisations have gained this visibility, they can then enforce appropriate security policies to prohibit highly sensitive data from being stored in unapproved cloud services.

They can do this by putting "guardrails" in place that prevent non-compliant sharing of sensitive data from approved cloud services, such as when data is shared with personal email addresses or through an open, public link.

MISCONFIGURATION RISKS

With software-as-a-service (SaaS), securing data, user identity and access to data is primarily the customer's responsibility. With IaaS, customers take on a much larger share of responsibility that includes data, identity, access, applications, network controls and host infrastructure.

While this provides customers with an opportunity to have greater control over their cloud infrastructure, it also increases their responsibility for security risks. IaaS providers, like Amazon Web Services (AWS), provide several infrastructure and platform services, each having deep and complicated security settings.

The security challenge is made more daunting because organisations use multiple IaaS/PaaS vendors running several instances of each vendor's product. McAfee said its research found:

  • 94% of IaaS/PaaS use involves AWS, but 78% of organisations using IaaS/PaaS have both AWS and Microsoft Azure.
  • Enterprise organisations have an average of 14 misconfigured IaaS/PaaS instances running at one time, resulting in over 2,200 individual misconfiguration incidents per month.
  • 5.5% of the S3 buckets on AWS have global-read permissions, making them open to the public.

McAfee recommends organisations continuously audit and monitor their AWS, Azure, Google Cloud Platform and other IaaS/PaaS configurations as a standard practice, while protecting data stored on those platforms, which are growing rapidly as an alternative to on-premises data centres.

Businesses need to address their security responsibilities as they would for SaaS cloud services and also configuration compliance and workload protection for IaaS/PaaS before they experience a security incident, the company said.

COMPROMISED ACCOUNTS

Most of the threats to data in the cloud result from compromised accounts and insider threats. The average organisation surveyed by McAfee generates 3.2 billion events per month in the cloud, of which 3,217 are anomalous behaviours and 31.3 are actual threat events. In addition:

  • Threat events in the cloud, such as a compromised account, privileged user, or insider threat, have increased 27.7%.
  • 80% of all organisations experience at least one compromised account threat per month.
  • 92% of all organisations have stolen cloud credentials for sale on the Dark Web.
  • Threats in Office 365 have grown by 63% year-on-year.

To get ahead of compromised accounts and insider threats, organisations should understand how cloud services are used, said McAfee.

They should also identify anomalous behaviour, such as when the same user accesses the cloud from disparate locations simultaneously, which could indicate a compromised account threat.

To download the full report, go to https://bit.ly/2zcd7WC

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Spider-Noir Producers Explain Why Nicholas Cage Is Playing Ben Reilly Instead Of Peter Parker
They gave this a lot of thought.
Cinemablend
Cinemablend
David Spade On Why Some Newbies At SNL Struggle And What He Tried To Do 'Around The Office' To Get Written Into Sketches
This makes so much sense!
Cinemablend
Cinemablend
Kanye West Just Landed His First Gig Following His Apology For Antisemitic Remarks
Ye is going to be busy this summer.
Cinemablend
Cinemablend
Bill Maher Got Apologetic For Offending Jimmy Kimmel With Former Man Show Co-Host Adam Carolla: 'I Don’t Think Jimmy Is An A--hole'
The late-night feud continues.
Cinemablend
Cinemablend
Atlanta man shows up for first date at AMC theater. Then his Tinder date leaves after seeing his outfit: ‘I was told I was doing ‘too much’
How should you dress for a first date? That’s a question that’s bothered those looking for love for centuries—but one TikToker found the answer the hard way.
The Mary Sue
The Mary Sue
Mizkif reflects on Maya Higa breakup while discussing JasonTheWeen and Sakura split
Streamer Mizkif shared his thoughts on the recent breakup of JasonTheWeen and Sakura. He compared their situation to his own past relationship with Maya Higa. Mizkif suggested the split could impact JasonTheWeen's career positively. He also noted Sakura might face a more difficult path. This highlights the complex nature of…
The Times of India
The Times of India
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play