Those planning on transferring more of their data to the cloud - and even using it to deploy insights at scale, quality and speed - have been warned to choose wisely, with a new study revealing that just over half (52%) of all companies are storing data in cloud services that have already suffered a data breach.
According to McAfee’s "Enterprise Supernova: The Data Dispersion Cloud Adoption and Risk Report", cloud services are booming, and have replaced many business-critical applications formerly run as on-premises software.
The 1,000 businesses surveyed approve an average of 41 cloud services each, up a third (33%) from last year, but thousands of other services are used ad-hoc without vetting.
The report claims that by leaving significant gaps in the visibility of their data, organisations are risking the loss of sensitive information and even regulatory action.
According to the study, 26% of files in the cloud contain sensitive data, an increase of 23% year-over-year, but 91% of cloud services do not encrypt data at rest; meaning data is not protected if the cloud provider is breached.
Meanwhile, nearly four-fifths (79%) of companies allow access to enterprise-approved cloud services from personal devices. And one in four companies have had their sensitive data downloaded from the cloud to an unmanaged, personal device, where they cannot see or control what happens to the information.
One in ten files that contain sensitive data and are shared in the cloud even use a publicly accessible link to the file, an increase of 111% year-over-year.
One of the major issues appears to be that while nearly all (93%) chief information security officers understand it is their responsibility to secure data in the cloud, a third (30%) of companies lack the staff with skills to secure their software-as-a-service (SaaS) applications, up 33% from last year. Both technology and training are being outpaced by the rapid expansion of cloud services.
McAfee senior vice president of cloud security Rajiv Gupta said: “The force of the cloud is unstoppable, and the dispersion of data creates new opportunities for both growth and risk.
“Security that is data-centric, creating a spectrum of controls from the device, through the web, into the cloud, and within the cloud provides the opportunity to break the paradigm of yesterday’s network-centric protection that is not sufficient for today’s cloud-first needs.”