A third of enterprises suffer unauthorized cloud access
Last month we reported on public sector organizations suffering from cloud leakage. A new report out today shows that this is an issue in the private sector too.
The report from cloud governance platform CloudSphere reveals that 32 percent of enterprises have experienced unauthorized access to their cloud resources.
Perhaps more worrying is that 19 percent didn't know if unauthorized access had occurred, a problem largely driven by poor enforcement of identity and access management (IAM) policies in the cloud.
"As cloud adoption accelerates, securing and governing multicloud environments is a top IT challenge facing enterprises," says Keith Neilson, technical evangelist for CloudSphere. "This research highlights the immense cloud governance gaps enterprises experience that ultimately leave sensitive data vulnerable to breaches. It is critical enterprises adapt a unified approach to properly govern cloud access and protect enterprise data to avoid costly breaches and preserve trust."
The complex nature of cloud environments makes having visibility into which users have access to data and resources increasingly difficult. Especially troubling is the disparity between the enterprise's perception of secure access control and the reality of policy enforcement failures. The research finds that while 78 percent claimed to be able to enforce IAM policies, 69 percent report that policy enforcement issues created unauthorized access.
Cloud governance policies are developed internally by 80 percent of companies. But despite having policies in place, a lack of enforcement ultimately leads to unauthorized access and the risk of costly breaches of sensitive data.
In addition, 53 percent of companies report 100 or more individuals have cloud access across numerous internal and external teams, the majority of which have no security specific expertise. 72 percent say developers have cloud access and 69 percent say DevOps teams have cloud access. This large number of users increases the potential for error, and mistakes become more likely when trying to control access to cloud resources. Also, 41 percent say consultants have cloud access, and 25 percent say partners do too, putting data at even greater risk.
You can get the full report on the CloudSphere site.