Cloud adoption leaves regulated industries open to attack
Switching to the cloud has left organizations in heavily regulated industries like healthcare and financial services with a greater attack surface, according to a new report.
Research published today by Blancco Technology Group, based on responses from 1,800 IT professionals in healthcare and finance, shows 65 percent of respondents say that the switch has also increased the volume of redundant, obsolete or trivial (ROT) data they collect.
In addition 45 percent fall short when it comes to determining when to dispose of cloud-stored data. 60 percent say that their cloud provider handles end of life (EOL) data for them; yet 35 percent report that they don't trust their cloud provider to appropriately manage EOL data on their behalf.
Also 59 percent of respondents report using processes without verified data destruction at least some of the time to deal with at least some of their EOL data. This can leave data intact and retrievable without a proper audit trail to prove proper EOL data disposal.
"Healthcare and financial services providers handle some of the most confidential and sensitive information possible. While they have made the move to cloud for better connectivity, digital transformation and ease of managing data, many of them are still falling short when it comes to knowing how to reduce risk and maintain compliance when that data is no longer serving a business function," says Jon Mellon, president global sales, marketing and field operations at Blancco.
While 65 percent of organizations feel that they can better manage EOL data on premises than in the cloud and 63 percent use software-based erasure with an audit trail for managing all data -- both on-premises and cloud -- a worrying 38 percent carry out erasure without an audit trail.
The study finds that 57 percent of organizations have a data schedule where they review different data types to determine whether data has reached end of life. But just over a quarter (28 percent) use the blunt approach of automatically setting a data expiration date, which is simple but ineffective because it doesn't consider what the data is, what it's worth, or the risk of it getting into the wrong hands.
You can get the full report on the Blancco site.
Image credit: VitalikRadko/depositphotos.com