Sensitive data in Cloud more exposed than organisations think: McAfee

0
47

Sydney,   Sharing sensitive data in the Cloud has increased exponentially and nearly a quarter of the data can be categorized as sensitive, putting an organisation at risk if stolen or leaked, a McAfee report revealed on Tuesday.

Twenty one percent of all files in the Cloud contain sensitive data, demonstrating a steady increase year-over-year (YoY), said the “Cloud Adoption and Risk Report” by the cyber security company.

“Coupled with the fact that sharing sensitive data in the cloud has increased 53 per cent (YoY), those who do not adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls, will endanger the security of their most valuable asset-data,” the report warned.

“Operating in the Cloud has become the new normal for organisations, so much so that our employees do not think twice about storing and sharing sensitive data in the Cloud,” said Rajiv Gupta, Senior Vice President of the Cloud Security Business, McAfee.

The sharing of sensitive data with an open, publicly accessible link, has increased 23 per cent (YoY) and organisations have more than 2,200 individual misconfiguration incidents per month in their Public Cloud infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.

According to the report, threat events in the Cloud, (compromised account, privileged user and insider threats) have increased 27.7 per cent (YoY), with threats in Microsoft Office365 growing by 63 per cent (YoY).

“In order to continue to accelerate their business, organisations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS,” Gupta added.

To secure sensitive data in cloud storage, file-sharing and collaboration applications, organisations must first understand which Cloud services are in use, hold their sensitive data, and how that data is being shared and with whom.

“Once organisations have gained this visibility, they can then enforce appropriate security policies to prohibit highly sensitive data from being stored in unapproved cloud services,” said the report.