The protection of the enterprise data is at serious risk owing to the growing incidents of cloud threats and configuration mistakes while storing sensitive information in the cloud and software-as-a-service (SaaS) collaboration. Considering this risk ‘McAfee‘ the device-to-cloud cybersecurity company has released its risk report and cloud adoption. It will analyze billions of events by using customer production cloud in anonymity to evaluate the current complete picture of cloud deployments and find out associated risks.
According to certain report, almost 25 percent of cloud data can be categorized as sensitive which means it puts an organization at risk if data is leaked or stolen. In order to remain on the safe side, people should use the cloud strategy which includes configuration audits, data loss protection, and collaboration control. Those who do not adopt the strategy put their most valuable data on risk.
In a study, it was found that organizations aggressively use the public cloud to create new digital experiences for their customers. For this, the average enterprise experiences up to 2,200 miss-configurations incidents every month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances. Cloud service providers cover the security of the cloud only and does not secure the customer data. It is the responsibility of the companies to secure their data wherever it is. Therefore, there is a need to deploy cloud security solutions that reach the whole cloud spectrum from SaaS to Infrastructure-as-a-service (IaaS) and Platform-as-a-service (PaaS).
Rajiv Gupta, senior vice president of the cloud security system for McAfee, said that cloud operation has become common for organizations where employees do not think much about sharing and storing sensitive data in the cloud. Collaboration errors in SaaS, accidental sharing, configuration errors in IaaS/PaaS, and threats are all increasing nowadays. In order to run a business successfully, an organization needs a frictionless and a cloud-native way to continuously secure their data and protect it from threats across the spectrum of SaaS, IaaS and PaaS.
Productivity suites like Office 365 and Cloud services like Box are used to increase the effectiveness and fluidity of collaboration. Sharing the sensitive data with a publicly accessible link or in open has increased by 23 percent. The similar data to a personal email address has also been increased to 12 percent. To secure such kind of data in cloud storage, organizations need to understand first that which cloud services are in use which can hold their sensitive data. They also need to understand how data is being shared and with whom it has to be shared. Once organizations understand all this, they can apply appropriate security policies to remove highly sensitive data from being stored in an unauthentic cloud provider.
With SaaS, the user is himself responsible only for his identity and access to data. With IaaS, user is responsible for the maximum of his data security which includes access, identity, network controls, applications, and host infrastructure. It provides users to have more control over their cloud infrastructure. However, it increases the organization’s responsibility and the surface area for security risks.