A quarter of organizations have had data stolen from the public cloud
Public cloud services are now in use in 97 percent of organizations, but one in four have experienced data theft and cloud-first strategies are on the decline.
These are among the findings of the latest annual cloud report from McAfee. Among other highlights are that 83 percent store sensitive data in the public cloud and 69 percent trust the public cloud to keep their sensitive data secure. However, one in five organizations has experienced an advanced attack against its public cloud infrastructure.
"Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on," says Rajiv Gupta, senior vice president of the cloud security business unit at McAfee. "By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data."
The combination of public and private cloud is the most popular architecture according to the report, with 59 percent of respondents now reporting they are using a hybrid model. While private-only usage is relatively similar across all organization sizes, hybrid usage grows steadily with organization size, from 54 percent in organizations up to 1,000 employees, to 65 percent in larger enterprises with more than 5,000 employees.
Interestingly there's increased caution surrounding cloud-first strategies. The number with a cloud-first strategy has dropped from 82 percent to 65 percent this year.
There's a full range of sensitive and confidential information being stored in the cloud. Personal customer information is by far the most common, reported by 61 percent of organizations. Around 40 percent of respondents also store one or more of internal documentation, payment card information, personal staff data or government identification data. Finally, about 30 percent keep intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud. Fewer than 10 percent of organizations anticipate decreasing their cloud investment as a result of GDPR.
The shortage of cyber security skills and its impact on cloud adoption is decreasing according to the findings. The number reporting no skills shortage increased from 15 percent to 24 percent this year. Of those still seeing a skills shortage, only 40 percent have slowed their cloud adoption as a result, compared to 49 percent last year. Interestingly cloud adoption rates are highest in those reporting the highest skills shortages.
You can read more about the findings in the full report which is available from the McAfee website.