Lack of visibility into an organisation’s use of cloud providers can lead to unauthorised access to data, improper handling and storage of data and improper data removal. As a result, organisations are left highly exposed and vulnerable to a data breach, reveals the “Lost in the Cloud: Data Security Challenges and Risks” research study released today by Blancco Technology Group (LON: BLTG).
Based on a survey of over 290 IT professionals in the US, Canada, Mexico, UK, Germany, France, India, Japan and China, the study indicates that 26 percent of organisations are either “not confident’ or ‘somewhat confident’ about their IT teams’ knowledge of the use of all cloud storage providers. Further exacerbating data security vulnerabilities in the cloud, 15 percent of organisations rarely or never conduct audits of cloud providers who are storing their corporate data.
Key findings from the study include:
- Consolidation and diversification is the name of the cloud computing game. 89 percent of the surveyed IT professionals said they use a total of 1-15 private cloud storage providers and 92 percent use 1-15 public cloud storage providers.
- Fighting off APTs, compromised credentials and hacked interfaces are top cloud security priorities. When we asked IT professionals to rank various cloud security threats in terms of their company’s priority – specific to budgets, resources and tools – the respondents cited advanced persistent threats (APTs), compromised credentials and hacked interfaces/APIs as being top priorities.
- Data migration and data centre decommissioning processes are fundamental to preventing data loss. 16 percent of organisations admitted that they ‘do not know’ what security precaution they would take to prevent data loss/theft when decommissioning/shutting down a cloud/virtual server.
- Cloud storage needs defined audit processes and monitoring to stay compliant. Close to half (40 percent) of organisations believe storing corporate data in a cloud environment increases their compliance risk.
Richard Stiennon, Chief Strategy Officer of Blancco Technology Group, urges organisations to counter these data security vulnerabilities by conducting cloud compliance audits on a regular basis. “Whenever storing data offsite with a cloud provider, organisations must be diligent in knowing where their data is being stored, how it’s being protected and when it needs to be removed (in the case of migrating data to a new vendor or consolidating data centres, for example). A cloud compliance audit should include a review of policies and procedures that the cloud storage provider applies to your data, the technical solutions in place to protect your data and the skills of technical or business staff responsible for your data.”
