Shadow IT intensifies cloud security risks
Lack of visibility into an organization’s use of cloud providers can lead to unauthorized access to data, improper handling and storage of data and improper data removal. As a result, organizations are left highly exposed and vulnerable to a data breach, reveales a new Blancco Technology Group study.
Based on a survey of over 290 IT professionals in the US, Canada, Mexico, UK, Germany, France, India, Japan and China, the study indicates that 26 percent of organizations are either “not confident’ or ‘somewhat confident’ about their IT teams’ knowledge of the use of all cloud storage providers.
Further exacerbating data security vulnerabilities in the cloud, 15 percent of organizations rarely or never conduct audits of cloud providers who are storing their corporate data.
Consolidation and diversification is the name of the cloud computing game. 89 percent of the surveyed IT professionals said they use a total of 1-15 private cloud storage providers and 92 percent use 1-15 public cloud storage providers.
Fighting off APTs, compromised credentials and hacked interfaces are top cloud security priorities. When we asked IT professionals to rank various cloud security threats in terms of their company’s priority – specific to budgets, resources and tools – the respondents cited advanced persistent threats (APTs), compromised credentials and hacked interfaces/APIs as being top priorities.
Data migration and data center decommissioning processes are fundamental to preventing data loss. 16 percent of organizations admitted that they ‘do not know’ what security precaution they would take to prevent data loss/theft when decommissioning/shutting down a cloud/virtual server.
Cloud storage needs defined audit processes and monitoring to stay compliant. Close to half (40 percent) of organizations believe storing corporate data in a cloud environment increases their compliance risk.
Richard Stiennon, Chief Strategy Officer of Blancco Technology Group, urges organizations to counter these data security vulnerabilities by conducting cloud compliance audits on a regular basis. “Whenever storing data offsite with a cloud provider, organizations must be diligent in knowing where their data is being stored, how it’s being protected and when it needs to be removed (in the case of migrating data to a new vendor or consolidating data centers, for example). A cloud compliance audit should include a review of policies and procedures that the cloud storage provider applies to your data, the technical solutions in place to protect your data and the skills of technical or business staff responsible for your data.”