Concentration Risk is the new Vendor Lock-In
One in four organisations which use public cloud services has had data stolen, according to a new report.
Additionally one in five organisations has experienced an advanced attack against its public cloud infrastructure, says the study. The findings are in cyber-security company McAfee’s third annual cloud adoption and security report, Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security. Other key findings of the research include the following:
- 97% of organisations use cloud services (public, private, or a combination of both), up from 93% one year ago
- 83% store sensitive data in the public cloud
- 69% trust the public cloud to keep their sensitive data secure
More than 1,400 information technology professionals were surveyed for the report, says McAfee. Rajiv Gupta, senior vice president of the cloud security business unit, McAfee, says: “Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on. “By implementing security measures that allow organisations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.” Based on findings from this year’s study, McAfee has drawn up three “best practices that all organisations should actively work towards”. They are as follows:
- DevOps and DevSecOps have been demonstrated to improve code quality and reduce exploits and vulnerabilities. Integrating development, quality assurance and security processes within the business unit or application team is crucial to operating at the speed today’s business environment demands.
- Even the most experienced security professionals find it difficult to keep up with the volume and pace of cloud deployments on their own. Automation that augments human advantages with machine advantages, such as that found in tools such as Chef, Puppet or Ansible, is a fundamental component of modern IT operations and it is no different with cloud adoption.
- Multiple management tools make it too easy for something to slip through. A unified management platform across multiple clouds with an open integration fabric reduces cost and complexity and increases security.
These practices and others used in combination will become increasingly critical for organisations going forward because the vast majority of them are putting sensitive data in the cloud. Personal customer information is stored in the cloud by 61% of organisations, says McAfee. Around 40% of respondents also store one or more of internal documentation, payment card information, personal staff data or government identification data. And about 30% keep intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud, according to the report.