Misconfigurations put enterprise cloud data at risk
While organizations are increasingly using the public cloud to create new digital experiences for their customers, the average enterprise experiences more than 2,200 misconfiguration incidents per month in their infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) instances.
This is among the findings of McAfee's latest Cloud Adoption and Risk Report which also finds that 21 percent of data in the cloud can now be classed as 'sensitive', putting the business at risk if it's stolen or leaked.
Enterprise organizations have an average of 14 misconfigured IaaS/PaaS instances running at one time, and 5.5 percent of AWS S3 buckets have world read permissions, making them open to the public.
Sharing sensitive data in the cloud has also increased by 53 percent year-on-year. Businesses that don’t adopt a cloud strategy that includes data loss protection, configuration audits and collaboration controls, will endanger the security of their data while exposing themselves to increased risk of non-compliance with internal and external regulations.
"Operating in the cloud has become the new normal for organizations, so much so that our employees do not think twice about storing and sharing sensitive data in the cloud," says Rajiv Gupta, senior vice president of the Cloud Security Business, McAfee. "Accidental sharing, collaboration errors in SaaS cloud services, configuration errors in IaaS/PaaS cloud services, and threats are all increasing. In order to continue to accelerate their business, organizations need a cloud-native and frictionless way to consistently protect their data and defend from threats across the spectrum of SaaS, IaaS and PaaS."
Among other findings are that 22 percent of cloud users share files externally, up 21 percent year-on-year, sharing sensitive data with an open, publicly accessible link, has increased by 23 percent, and sensitive data sent to a personal email address also increased by 12 percent.
Meanwhile the threat level is increasing. Threat events in the cloud, such as a compromised account, privileged user, or insider threat, have increased 27.7 percent. In addition 80 percent of all organizations experience at least one compromised account threat per month, while 92 percent have stolen cloud credentials for sale on the Dark Web
You can find out more in the full report which is available from the McAfee site.