One-in-four businesses experienced data theft from a public cloud, and one-in-five businesses experienced an advanced attack against their public cloud infrastructure, as per a report released by the cybersecurity firm – McAfee.
The report, “Navigating a Cloudy Sky”, is based on the sampling of 1400 IT personnel, and was released at the RSA Conference in San Francisco.
The report outlined the current cloud adoption state, concerns with the public and private cloud services, security implications in the cloud and the impact of unmanaged cloud usage.
It was found that inadequate visibility and control were the greatest challenges to cloud adoption in any organization. However, the business benefits of cloud and availability of modern cloud security tools outweighed any security concerns, helping it move ahead.
“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, senior vice president of the cloud security business unit at McAfee. “By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”
Other findings of the report have been summarized here:
- Rise in cloud adoption
McAfee found that the number of businesses who used public, private and hybrid cloud had increased from 93% to 97% in the last one year. The rise in cloud adoption was significant at the hybrid cloud front.
Of the businesses who used any kind of cloud services, 88% of them stored sensitive data in the public cloud. 69% of the businesses trusted public cloud to keep their data safe. Whereas, 16% stated that they stored no sensitive data in the cloud.
61% of the businesses said that the most common sensitive data stored on the cloud was the personal information of their customers. 40% stored internal documentation, payment card details, personal staff information, and government identification data. Whereas, around 30% stored intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud.
- Malware attacks have increased
The highlight of the survey report was that one in every four businesses who used IaaS, PaaS, or SaaS cloud service had their data stolen, and one in five had experienced an advanced attack against the public cloud infrastructure.
Furthermore, the malware attacks against the cloud applications rose from 52% to 56% over the course of one year. 25% of the businesses said that the malware was injected to the cloud by phishing.
- Decline in ‘shortage of cybersecurity skills’
The positives from the survey were that the ‘shortage of cybersecurity skills’ and its impact on the cloud adoption in the organizations had decreased.
The number of organizations who reported ‘no skills shortage’ increased from 15% to 24% in one year.
Of the organizations who reported ‘skills shortage’, only 40% reduced the rate of cloud adoption, compared to 49% last year.
- GDPR to fuel cloud adoption
With General Data Protection Regulation (GDPR) coming in action next month, the service providers will have to ramp up their compliance efforts. With the better compliance and security in the cloud, the businesses will be more confident about cloud adoption.
Only less than 10% businesses said that they might decrease their cloud investment because of GDPR.
Key takeaways – recommended security practices
- Integration of development DevOps and DevSecOps within the business environments can improve the quality of coding and reduce the vulnerabilities.
- Automation that brings together the human advantages and machine advantages are critical for modern IT operations. The use of tools like Chef and Puppet can be useful on this front.
- The use of a unified management platform across multiple clouds, rather than multiple management tools for multiple cloud, can reduce the costs and increase the security.