98 percent of companies experience cloud data breaches

In the last 18 months 98 percent of companies in a new survey have experienced at least one cloud data breach -- up from 79 percent last year.

The research, conducted by IDC for cloud infrastructure company Ermetic, reveals that of the 200 CISOs and security decision makers surveyed 67 percent report three or more breaches, and 63 percent say they had sensitive data exposed.

"Even though nearly 70 percent of companies invest more than 25 hours a week on cloud identity management, the survey found that 83 percent had at least one access-related cloud data breach," says Shai Morag, CEO of Ermetic. "In fact, almost 60 percent of organizations said they consider lack of visibility and inadequate IAM security a major threat to their cloud infrastructure."

Among other findings, 83 percent of enterprises report that at least one of their cloud breaches was related to access, so it’s not surprising that access risk and cloud infrastructure security rank among the top five security priorities for companies in the next 18 months.

Nearly 70 percent of companies say spend more than 25 hours per week managing IAM in cloud infrastructure. 71 percent use commercial security tools offered by cloud providers, and report that these tools require a lot of time. Only 20 percent of organizations say they are very satisfied with their cloud security posture.

Least privilege access is popular, with 92 percent of companies saying they have tried, are trying or will try to implement it in the cloud in the next 12 months. However, nearly 50 percent of organizations report that they’re struggling to implement least privilege, either because it's too difficult (29 percent), they lack personnel/expertise (29 percent) or due to multi-clouds (29 percent).

There’s an infographic summary of the findings below and you can get the full report from the Ermetic site.

Image Credit: Brian A Jackson / Shutterstock